We’re excited to announce that Lang.ai received its first Service Organization Control (SOC) 2 Type II certification in 2020. At Lang.ai, we chose to get a SOC 2 report for two reasons. First, we wanted to hold ourselves accountable to a rigorous framework to help ensure that we keep our customers’ data safe. Second, we wanted a streamlined, standardized way to communicate our security practices to our customers.
What is a SOC2 report and how are Type I and Type II different?
SOC 2 is a deep external audit, delivered in a detailed final report, that closely examines a company’s information systems to ensure they meet five principles of trust established by the American Institute of CPAs (AICPA): security, availability, processing integrity, confidentiality, and privacy. SOC 2 certification is awarded to businesses who demonstrate their ability to meet the institute’s high standards in each of those categories. All SOC2 reports cover security, and depending on your business, other areas such as privacy may be included as well.
SOC 2 Type I assesses whether a business’ systems and design meet the trust principles at a specific point in time, while Type II attests that they met them over several months. In other words, there’s a rigorous historical element — and proof of continued commitment — to Type II.
At Lang.ai, we decided to go for a SOC2 Type II directly in order to show our commitment to safeguard customer data — and their customers’ data — over time.
Now that we have a standardized way to communicate our security practices, our prospects and customers can request the SOC2 report and go into detail on how we operate.