ANNOUNCEMENT

Announcing OneSchema’s SOC 2 Type II recertification and SOC 3 Report

OneSchema’s updated SOC 2 Type II and SOC 3 report is the next step in our organization’s investments in security.

Sol Chen

Sol is the Chief of Staff at OneSchema.

September 27, 2022

As a trusted provider for building out best-in-class data import capabilities, we continuously aim to not just meet but also exceed industry standards and customer expectations for security controls. That’s why we invested in robust security practices early and it’s always been a core focus of our business. 

While we continue to launch new features, data security remains a fundamental part of our commitment to ensuring and protecting the privacy of sensitive user information. Today, we’re excited to announce that OneSchema has received our second SOC 2 Type II certification for security, availability, and confidentiality, as well as a new publicly available SOC 3 report. 

OneSchema’s SOC 2 Type II report

SOC 2 is an auditing standard maintained by the American Institute of Certified Public Accountants (AICPA) to test an organization’s internal controls for security and privacy. A year ago, we shared our first SOC 2 Type II report (read also: OneSchema's guide to SOC2 for Startups).

Now, we’re continuing our established commitment to security with the addition of our newest SOC 2 Type II report. This internal controls report reflects how we safeguard customer data at OneSchema, and how effectively those controls are operating.

OneSchema’s SOC 2 Type II examination and SOC 3 report were performed by an independent auditor, Insight Assurance, and monitored by Vanta, the leader in automated SOC2 monitoring. At the end of the examination, OneSchema received a 100% clean report, with no exceptions noted.

An overview of SOC 2 compliance

Companies using cloud service providers look to SOC 2 to evaluate the risks associated with third-party technology services. SOC 2 Type II reports include coverage of a company’s systems and controls and track the design and operational effectiveness of them over a period of time (between a 3 to 12 month period).

SOC 2 defines criteria for managing customer data based on five “trust service principles” — security, availability, processing integrity, confidentiality, and privacy. 

A example of controls covered in our SOC 2 Type II report include:

  • Logical Access Controls
  • Application Development Controls
  • System Monitoring Controls
  • Data Security Controls

An overview of SOC 3 compliance

Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the AICPA Trust Service Criteria (TSC) and reports on the same information categories as a SOC 2 report. The main difference between the two is that a SOC 3 is intended for a general audience. SOC 3 reports do not include the same details as a SOC 2 Type II report, and are meant to be shared publicly.

Read about Security at OneSchema and download our SOC 3 report here.

If you'd like to learn more about OneSchema’s Enterprise security, please contact sales@oneschema.co. 

Continue reading

Make data imports effortless and efficient

Ready to get started?

Request a Demo