Celebrating Our Commitment to Security: SOC 2 Type 2 Certification

Feb 15, 2024

Gradient Team

Today, we’re thrilled to share that Gradient is SOC 2 Type 2 compliant. At Gradient, we believe that security should be considered a top priority from the start. Our platform, technology, processes, and procedures have been assessed by Johanson Group – an external, independent auditor – and we have met the highest standards.

What is SOC 2 Type 2 Certification?

SOC 2 (Service Organization Control 2) Type 2 certification is recognized as a gold standard for data security and privacy. It is designed for technology and cloud computing organizations, providing an independent assessment of a company's ability to manage and protect customer data. Unlike SOC 2 Type 1, which evaluates the design of security processes at a specific point in time, Type 2 assesses how effectively these controls are operated over a period, typically a minimum of six months.

External auditors like Johanson Group determine whether a vendor complies with one or more of the five trust principles based on the systems and processes in place, and issue a certificate of compliance. In addition to Johanson Group, we leveraged Secureframe to automate our SOC 2 Type 2 certification process.

Why is SOC 2 Type 2 Certification Important for a Company Like Gradient?

Many of our customers operate in highly regulated industries like healthcare and financial services, and trust us to keep their data secure. This certification represents our ongoing commitment to ensure that our security and privacy policies are compliant with the standards established by the American Institute of Certified Public Accountants (AICPA). By undergoing a SOC 2 audit, our controls and processes were validated by a third party that attests to the functioning of the controls relevant to our application.

A SOC 2 certification assures our customers that Gradient maintains a high level of information security. It gives our customers even greater peace of mind. SOC 2 Type 2 certification requires a consistent internal review process and a comprehensive audit conducted by an independent third party. Since achieving SOC 2 Type 1 certification in August, our team has worked diligently to enhance our security measures by implementing robust data protection policies across:


  • Security: Ensuring the protection of both physical and electronic information through access controls and security measures.

  • Availability: Maintaining service and product availability as committed or agreed upon.

  • Processing Integrity: Ensuring that system processing is complete, accurate, timely, and authorized.

  • Confidentiality: Protecting information designated as confidential from unauthorized access and disclosure.

  • Privacy: Protecting personal information in accordance with our pri

What Other Security Standards Does Gradient Adhere to?

Gradient consistently invests in the highest standards when it comes to responsible AI. Take a look at how Gradient took responsible AI into consideration when we developed our domain-specific LLM for financial institutions.

As for other certifications, Gradient is both HIPAA compliant and GDPR compliant. This means that we follow a set of regulatory guidelines that outline how Protected Health Information (PHI) can be used and disclosed in a lawful manner, and that we fall within the scope of the General Data Protection Regulation (GDPR), meeting all requirements for properly handling personal data as defined in the law.

Looking Ahead

Achieving SOC 2 Type 2 certification is a significant milestone, but this is just the start. We are committed to continuing to improve and strengthen our security measures to meet the evolving challenges and expectations in data protection.

We want to express our gratitude to our customers for their trust and support. Your confidence in our services motivates us to maintain the highest standards of security and privacy. We’re excited to continue to build a safer, more secure product together, and we thank you again for being part of our journey to achieving SOC 2 Type 2 certification.