As 2022 continues to raise questions about cyber stability, Sonatype has taken steps to ensure ongoing quality and rigorous standards when it comes to security practice in place for ourselves and our customers.
We have joined the ranks of many other major software companies with 3rd-party security audits. Our compliance effort has expanded with the System and Organization Controls (SOC) 2 to help establish and maintain partner and customer success.
The process was created by the American Institute of Certified Public Accountants (AICPA), the SOC2 helps ensure best practices or when there’s time and budget, but in actual use.
This analysis establishes five Trust Service Principles, detailed below with their components:
Making security tools for other companies means high quality security efforts in your own environment. Analysis by 3rd parties helps demonstrate good discipline as Sonatype's services portfolio continues to grow. As with ISO, these standards put everyone in the industry on even footing and encourage ongoing security focus.
Ongoing security steps and checks are part of our product development hygiene, and something we hope to demonstrate with this certification.
The audit measures whether a company controls secure processes over time, demonstrating a culture of effective management and change tracking.
This certification is geared towards service-oriented organizations that are stewards of key customer data. Companies entrusted with either storing or processing this information need a strong and capable security ecosystem.
But it goes beyond that: Being a critical service means availability and assurance that the service will be available and the data is reliable in times of need. Just like you need to know that the water coming out of your faucet is safe and the power is on, companies need faith in essential systems.
This was a team effort working with both our security team and a broad group across Sonatype to come together over the course of four months.
Learn more about the SOC 2 standard and our ISO certification.