Celebrating Our Newest Certification

We are pleased to announce that Respond Software has successfully completed the SOC 2 Type 1 audit process.  This means that we have engaged with an independent third-party auditor to assess and verify that we have the necessary security controls in place to protect our systems and the integrity, privacy, and confidentiality of our customers’ data.

The SOC 2 (System and Organization Controls) examination process is exhaustive and rigorous. Auditors consider a broad array of operating procedures in detail to ensure they adhere to well-defined criteria specified by the American Institute of Certified Public Accountants (AICPA). These range from the physical security of office locations to accounting practices and corporate policies and procedures, but also include technical details about a technology product’s implementation, as well as the external services relied upon to facilitate that implementation.

Our completion of the SOC audit process demonstrates the depth and breadth of our commitment to information security to our current and future customers, as well as to the general public. We’re a mission-driven organization, and the SOC 2 Type 1 certification highlights our seriousness of purpose and the strength of our dedication to our mission.

A testament to the rigor of Respond Software’s security controls

SOC 2 Type 1 certification means that our customers can rest assured that the security controls in place in our production environment—where the Respond Analyst’s intelligent decision engine is hard at work, evaluating evidence to determine whether or not particular security events are worthy of further attention—adhere to the highest industry standards. It also means that our development environment has access controls, security tools, and carefully designed processes in place to ensure that security is deeply embedded into every aspect of our product.

And it means that our customers can feel good about the security practices of a company they’re relying on to keep their own data and environments safe.

Not only do we create and bring to market the industry-leading technology that’s embodied in the Respond Analyst, we also use it—on an everyday basis—for security monitoring in our own environment. We’re not the only organization to have successfully demonstrated compliance with rigorous industry guidelines or regulatory standards while running the Respond Analyst, of course, but we’re still proud of our product’s performance.

Smooth, transparent, and ahead-of-schedule: our SOC audit process

It’s common for organizations to complete the SOC examination process with caveats in their final report, but ours has none. At Respond Software, pragmatic security is a foundation of our culture, enabling rapid confirmation of our compliance with best practices and requirements throughout our audit process.

As a result of our preparedness, we’re on track to pursue the next level of SOC 2 certification—Type 2—on an aggressive timeline. SOC 2 Type 2 certification demonstrates that an organization is able to maintain over time the rigorous data protection and system security controls we evidenced having in place during the SOC 2 Type 1 audit process. We anticipate completing the SOC 2 Type 2 audit process early in 2020.

We wouldn’t be able to achieve such ambitious goals without the unique competencies and expertise of our staff. Few technology companies, even in the cybersecurity industry, can boast of employee resources as rich and deep as ours. Many of our team members have held roles in security operations centers (SOCs), so they have an intimate understanding of the challenges and rewards of enterprise-grade information security. All have extensive industry experience and top credentials, including penetration testing and security research expertise. Even our VP of Marketing holds the CISSP (Certified Information Systems Security Professional) certification.

Faith in the power of intelligent automation

A core belief in the value and potential of automation underlies everything we do here at Respond Software. We built the Respond Analyst so that we could help skillful people—cybersecurity professionals—become more effective. And we use automation in our own secure software development process to ensure that our engineers, who are some of the industry’s most talented people, are able to focus their attention on the most important tasks they face, rather than mundane or repetitive processes.

Our SOC 2 Type 1 certification is hard evidence that we’re on the right track. The speed and transparency with which we were able to complete the auditing process show that what we’re doing is working. And the effectiveness of the Respond Analyst in real-world customer environments validates our mission, every single day.

Ryan Black

Ryan Black is the Director of Customer Operations at Respond Software, where he heads strategy and operations for on-premise Respond Analyst deployment. Prior to joining Respond, Ryan was the Senior Director of Security Operations at Bugcrowd, where he developed and led the Application Security Engineering team responsible for vulnerability triage and bug bounty services. He has also held various InfoSec and technology positions at companies such as HP Enterprise, Aflac and Apple. In addition to professional experience, he holds several industry certifications and participates in a variety of open-source software projects, independent security research, and diversity-in-security initiatives. In his personal time, Ryan enjoys coding, gaming, various crafts, and nature activities with his wife, two kids, and three dogs.
