At Rutter, security is our top priority. As a company that processes and stores sensitive data for our customers, we have always taken pride in our responsibility to ensure the security, confidentiality and integrity of their data, so that our customers can use our services with peace of mind.
Today, we are proud to announce that Rutter is officially SOC 2 Type II compliant. Achieving this certification is a huge milestone for our company as it affirms our commitment to keeping customer data safe and secure.
What is SOC 2?
Developed by the American Institute of CPAs (AICPA), SOC 2 is a compliance standard that ensures that a company is securely handling customer data. To meet the SOC 2 Type II standard, an organization must develop and maintain policies, procedures and security controls, and undergo an independent third-party audit each year.
What did we do to achieve SOC 2 compliance?
We partnered with Vanta, the leader in continuous compliance monitoring, to help us automate the collection of our audit evidence. Vanta provides us with the strongest security foundation to protect our customer data.
With the help of Vanta, we spent most of Q1 2022 establishing the baseline security measures for the company. Highlights of the work include the following:
- People processes, such as the introduction of mandatory security training and employee background checks;
- Technical checks, such as the implementation of backup strategies, encryption, and multi-factor authentication;
- Continuous monitoring of security events from our production and corporate systems;
- Assessment of our critical vendors; and
- Implementation and testing of business continuity plans.
We then asked Johanson Group LLP to conduct an audit for a period of three months for the formal certification.
What’s next?
We continue to invest in security at Rutter. For us, SOC 2 compliance goes beyond checking a box or collecting a badge - it signifies an ongoing commitment to operational excellence and data security.
A large portion of our security work comes from the Infra team - the team responsible for developing and maintaining the cloud infrastructure to help us move fast and scale. In this quarter, we are investing in the following security work to further strengthen our security posture.
- Unified secret management
- Detection and response strategies
- Promotion of secure coding practices
- Continuous vulnerability monitoring
But our security effort is not limited to the infra team, because at the core of our culture, we all know that security is everyone’s responsibility. Every team at Rutter is striving to implement security best practices and promote security initiatives via our vibrant Slack channels.
If you’re interested in Rutter, come learn more about our open roles!