Keepit Achieves SOC 2 Type 1 Attestation, Reinforcing Commitment to Data Security and Trust

Keepit is proud to announce that we have successfully achieved SOC 2 Type 1 attestation. This significant milestone, validated by independent auditors at Deloitte, confirms that our security controls are rigorously designed and implemented to protect customer data according to the highest industry standards. The attestation provides our customers and partners with a verified, independent assessment of our internal controls across the Trust Services Criteria of Security, Availability, Confidentiality, and Privacy, as defined by the American Institute of Certified Public Accountants (AICPA).

What This Means for Our Customers

For organizations that entrust their data to Keepit, this SOC 2 attestation provides tangible benefits:

• Independently Validated Security: It offers formal assurance that our policies and procedures for safeguarding data are not just claimed, but have been reviewed and validated by a leading third-party auditor.
• Simplified Due Diligence: The SOC 2 report streamlines your vendor risk assessment and due diligence processes, making it easier to confirm that Keepit meets your organization’s compliance requirements.
• A Commitment to Transparency: This achievement demonstrates our ongoing commitment to transparency and continuous improvement, reinforcing the foundation of trust we build with every customer.

This milestone complements our existing ISO/IEC 27001 certification and strengthens our position as a leader in secure, reliable data protection.

A Deep Dive into Our SOC 2 Audit

The SOC 2 Type 1 audit provides a snapshot in time, assessing whether an organization’s security controls are suitably designed to meet its objectives. The rigorous audit process conducted by Deloitte involved the validation of 108 distinct internal controls at Keepit. These controls were assessed across multiple business functions and domains, including:

• Security & Operations: Vulnerability management, network monitoring, and patching.
• Development & QA: Secure software development lifecycle (SDLC) practices.
• Data & Privacy: Procedures for handling personal data in line with our privacy policy.
• Human Resources: Secure employee onboarding, offboarding, and training protocols.
• Physical Security: Controls for securing access to all facilities and systems.

To validate each control, our teams provided extensive evidence, including formal policies, documented procedures, and technical implementation samples.

Our Journey to SOC 2 Type 2

Achieving SOC 2 Type 1 is a critical step, not a final destination. We are already preparing for our SOC 2 Type 2 assessment. While a Type 1 report evaluates the design of controls at a specific moment, a Type 2 report evaluates their operational effectiveness over a sustained period (typically 6-12 months). This next phase will verify that our controls are not only well-designed but are also functioning consistently as intended. This progression reflects our commitment to accountability and resilience.

A Foundation of Trust

The successful SOC 2 Type 1 attestation is a testament to the diligent work of the entire Keepit team. It signals to our customers and partners that we have established a strong, verifiable baseline for data protection. We remain dedicated to upholding the most rigorous security standards to protect our customers’ data and ensure their business continuity.