{"id":3601,"date":"2022-09-29T08:00:51","date_gmt":"2022-09-29T12:00:51","guid":{"rendered":"https:\/\/canny.io\/blog\/?p=3601"},"modified":"2022-11-23T18:43:39","modified_gmt":"2022-11-23T23:43:39","slug":"canny-is-now-soc-2-type-ii-compliant","status":"publish","type":"post","link":"https:\/\/canny.io\/blog\/canny-is-now-soc-2-type-ii-compliant\/","title":{"rendered":"Canny is now SOC 2 type II compliant"},"content":{"rendered":"\n

If you\u2019ve been following our journey, you know that we\u2019re always improving Canny. You also might’ve heard that we’re adapting Canny to serve larger organizations better<\/a>. <\/p>\n\n\n\n

But we didn\u2019t just take what we have and decide to sell it to a whole new market. We\u2019re making sure that Canny delivers what that market is looking for.<\/p>\n\n\n\n

We know that enterprises are looking for an easy-to-use and secure<\/strong> feedback tool. That’s why we decided to get a System and Organization Controls (SOC) 2 Type II audit.<\/p>\n\n\n\n

It\u2019s a rigorous auditing procedure<\/a> from the American Institute of CPAs (AICPA<\/a>) that checks our security policies, procedures, and controls. It also specifies how organizations should manage customer data. This protects our interests and your privacy<\/em>. <\/p>\n\n\n\n

We\u2019ve been SOC 2 Type I compliant since 2019. This meant that our security procedures were SOC 2 compliant at a point when the audit was performed.<\/p>\n\n\n\n

We\u2019ve now decided to take it one step further. SOC 2 Type II, the next audit stage, shows that a company is compliant for 90 days.<\/p>\n\n\n

\n
\"\"<\/a><\/figure>\n<\/div>\n\n\n

<\/p>\n\n\n\n

Canny completed a thorough SOC 2 Type II compliance audit administered by our independent auditor Sensiba San Filippo<\/a>. <\/p>\n\n\n\n

We documented all our processes and data management infrastructure. We also developed a progressive approach to data access permissions. Drata<\/a>, our independent security and compliance partners, reviewed our security procedures and helped us through this process.<\/p>\n\n\n\n

As a result, our SOC 2 Type II audit came back clean, showing our compliance with the SOC 2 security standard. <\/p>\n\n\n\n

And we’re not stopping there \u2013 we’re continually auditing and improving our security. We are committed to getting a new SOC 2 Type II report annually.<\/p>\n\n\n\n

Why? <\/p>\n\n\n\n