Hypothesis SOC2 Compliance

Roadmap and Timeframe for SOC2 Compliance

We are dedicated to maintaining the highest standards of security and process discipline. We recognize the importance of SOC2 compliance in ensuring that our systems are secure, available, and appropriately protect the privacy of customers and their data. This document outlines our roadmap to full SOC2 compliance and the timetable for achieving this goal.

Current Compliance with AWS

As part of our existing infrastructure, we host our service and data on Amazon Web Services (AWS), a platform that is already SOC2 compliant. Therefore, most of the critical online systems that our customers use are *already* within SOC2 compliance. AWS provides a regular public-facing (SOC3) report twice per year, which is available from their page here. This report is identical in form and contains most of what is in their SOC2 (restricted-use) report. We can provide the SOC2 report to customers who require one; however, because of their requirements, it can only be provided under NDA.

Our Commitment to SOC2 Compliance

As of October 2023, Anno has contracted with Vanta, a SOC2 automation vendor, and has entered into the 90-day audit window for a SOC2 audit with Johanson Group (our engagement letter), which will be completed in January 2024. We are currently at 95% compliance on our dashboard.

Our commitment includes:

  1. Automation of Internal Controls: We will rapidly automate every step of the internal technical and business process controls necessary for SOC2 compliance.  Much of this work is already completed.
  2. Ongoing Compliance Monitoring:  Using modern compliance platforms like Vanta, we will ensure that we remain compliant by setting internal triggers to alert us if we deviate from standards.
  3. Formal Audit: When our current audit with Johanson Group is completed in early 2024, we will provide the result to customers and prospects.

Timeline:

July 2023: Contract with Vanta and VioletX

Q4 2023: Engaged in a formal Type 2 audit with Johanson Group.

Q1 2024: Type 2 audit result expected.

Conclusion:

Our commitment to SOC2 compliance demonstrates our dedication to the security and privacy of our customers’ data. This roadmap assures our sales organization, customer prospects, and stakeholders that we are on track to achieve full SOC2 compliance. For any inquiries or further information, please contact busadmin@hypothes.is.