Data security is, and has always been, one of the core pillars upon which we've built Weld – and we know how equally important it is to our customers. This is why we're excited to announce that Weld is compliant with the SOC 2 Type 1 standard for security, availability, and confidentiality.
What is SOC 2 compliance?
SOC 2 compliance means that a trusted external advisor deeply reviewed Weld's infrastructure and security controls, based on standards set by the AICPA, and deems that Weld follows top-rated security practices that safeguard our customers' data. If you're interested in learning about the various criteria and milestones we had to work toward, you should read this comprehensive list. In essence, this means that Weld has received certification for the following principles:
- Security: We follow best practices like two-factor authentication, access controls, identity management, encryption, breach alerts, and firewall maintenance.
- Availability: Our customers can access our products and we have systems in place to ensure performance and uptime and support disaster recovery and incident management.
- Confidentiality: Our customers' data is safe from unauthorized access, and we ensure this with top-grade security standards such as encryption, access controls and 2-factor authentication.
Can I see a copy of the auditor’s report?
If you are an existing Weld customer, you can reach out to us via email or ping us on your dedicated Slack channel to request a copy of the auditor's report. We will be more than happy to share it with you. If you are not yet a customer of Weld, but would like to see the report, we can provide one under NDA.
What's next for compliance at Weld?
To continue to meet the SOC 2 standards, Weld will pursue the next SOC 2 certification, known as SOC 2 Type 2. Similar to Type 1, the Type 2 will report on the effectiveness of our security controls. But rather than represent a point-in-time snapshot, the SOC 2 Type 2 tests the controls over a period of time. When the tests are complete, the auditor will issue an opinion based on the description management has provided versus the actual operating efficiency of the controls. We will update this space once we achieve this next milestone.
We hope that this latest achievement helps to demonstrate the importance we put on security, compliance and privacy at Weld. We will continue to build products and deliver services with these principles as a top priority.