Cube Dev is SOC 2 compliant—here’s what that means

Author avatarJonathan E CowperthwaitFebruary 22, 2022News & Product Updates
Cube Dev is SOC 2 compliant—here’s what that means
Show Original

Today, we’re happy to announce that Cube Dev is now SOC 2 Type I compliant. To understand how this affects all Cube users and your data, read on.

What is SOC 2 compliance?

The American Institute of CPAs (AICPA) manages a Service Organization Control reporting platform that helps businesses document the technical and policy controls they’ve put in place to keep customer data secure.

By complying with SOC 2, a business signifies that it has implemented proper systems to ensure the security, availability, processing integrity, confidentiality, and privacy of the customer data that it processes. This enables customers and users to make informed decisions when entrusting external vendors—like Cube—with building and operating a piece of their data stack.

There are two types of SOC 2 audits, Type I and Type II. Type I describes a business’s systems and processes at a point in time. Subsequently, Type II describes how these systems and processes performed over a historical period, typically at least six months. Today, Cube Dev, Inc. has attained Type I certification, and we look forward to complementing this with Type II certification with the passage of time.

What does SOC 2 certification entail?

There are five Trust Service Criteria—basically, principles that cover an area of safety and control.

  1. Security. A company should be able to show that its systems are protected from unauthorized access.
  2. Availability. The company’s systems should have controls in place to ensure that the systems are available when their end users need it.
  3. Processing integrity. The company’s systems deliver the right data at the right time—and there are monitoring and quality assurance procedures in place to maintain this integrity.
  4. Confidentiality. Customer data is restricted to specific people or organizations, using technical controls including network and application firewalls and role-based access controls.
  5. Privacy. When customer data includes personal information, that personal information is collected, used, retained, disclosed, and disposed of in compliance with the business’s privacy policies.

Why does SOC 2 compliance matter?

Cube’s mission is making the world’s data consistent and accessible, supporting powerful and fast data applications. We achieve this mission by consuming data from modern data stores, organizing it into consistent definitions, and delivering the data to every tool—and, obviously, this requires your trust.

To build a modern data stack, every company has to make informed decisions to trust external vendors. This begins with the hosting providers that store raw data in the cloud data warehouse, and continues across the stack with the tools that transform, process, and display data in all its forms.

Without basic trust in these components, each company would have to build and maintain an entire data stack from the ground up—which is not core to most companies’ interest or core capabilities. It’s an understatement that this would significantly slow the pace of innovation.

SOC 2 is one of the most reputable audit reports available. We believe it helps our customers understand Cube’s commitment to data security and privacy, so that you can build data applications with confidence.

What’s next?

With the passage of time, we look forward to complementing our SOC 2 Type I certification with an SOC 2 Type II certification. This will pose additional challenges to our team—not only must we continue to follow our documented procedures, but we will need to do so in a way that is auditable—but these are challenges we look forward to meeting.

We’ll also continue to invest in security training and oversight, hardening our systems, and growing a team and a culture that treats our customers’ data safety as our top priority. Put more succinctly, today’s announcement is not the finish line, but a milestone in our journey.

Along the way, if you have any questions about our controls or policies, or need advice about navigating the processes to bring your own business into SOC 2 compliance, please accept our invitation to get in touch.

We know firms in every industry that rely on SOC 2 certification to evaluate the vendors in their data stack. We’re proud to have earned your trust and excited to meet your requirements.

share this article