As an all-in-one data platform, data security is, naturally, very important to us at Weld. In fact, data security is a foundation on which we’ve built our product. From the very start of our journey, protecting client data has been a top priority.
To that end, in September we announced our SOC 2 Type 1 compliance. And today, we’re pleased to share that we’ve now also received our SOC 2 Type 2 compliance certification in Security, Availability, and Confidentiality.
What is SOC 2 compliance?
SOC 2 compliance is the gold standard data security certification for business service providers. It validates that the way client data is processed, stored, and transmitted by a company is secure and protected, based on standards set by the AICPA.
SOC 2 Type 1 and SOC 2 Type 2 compliance
There are two parts to SOC 2 certification, and Weld now has both.
- SOC 2 Type 1 validates systems and structure of data security based on a snapshot in time.
- SOC 2 Type 2 validates functions and operations of data security over an extended period of time.
Essentially, SOC 2 Type 1 assesses what’s been set up for data security, while SOC 2 Type 2 assesses how that setup works in practice. To maintain our best practices of data security, we use Drata as our security and compliance automation platform.
Trust services criteria
Both Weld’s SOC 2 Type 1 and SOC 2 Type 2 reports measure the Security, Availability, and Confidentiality trust services criteria. What does that mean?
- Security: We follow best practices like two-factor authentication, access controls, identity management, encryption, breach alerts, and firewall maintenance.
- Availability: Our customers can access our products and we have systems in place to ensure performance and uptime and support disaster recovery and incident management.
- Confidentiality: Our customers' data is safe from unauthorized access, and we ensure this with top-grade security standards such as encryption, access controls and 2-factor authentication.
What this certification means to us at Weld
At Weld, we pride ourselves on being a customer-centric business, and placing client needs at the heart of our operations. We also believe that trust is something to be earned through transparency, honesty, and understanding. This SOC 2 Type 2 certification reflects our company values of keeping our focus on our customers, and working to earn trust. It’s our way of showing our commitment to being leaders in the business data industry and maintaining a high level of integrity.
Get a copy of Weld’s SOC 2 Type 2 compliance report
Existing Weld customers can reach out via email or your dedicated Slack channel to request a copy of the auditor’s report. For those who are not current Weld customers but would like to see the report, we can provide you with a copy under NDA.
What’s next for Weld’s data security?
Protecting our clients and maintaining a high standard of data security is an ongoing effort, and it doesn’t stop here. We’ll continue to pursue further measures to ensure customer data remains secure and protected. The next milestone Weld is working towards is ISO 27001:2013 certification, which outlines requirements for an organization’s information security management system.
This SOC 2 Type 2 certification is our latest achievement in upholding the security of client data, and putting our company values into practice. We look forward to keeping data security a top priority as Weld continues to grow.