Rockset Is Now SOC 2 Kind II Compliant


    The Rockset workforce is proud to announce that we have now been accredited as SOC 2 Kind II compliant. Our prospects entrust Rockset with their knowledge, and now they’ve rigorous, impartial assurance that we defend it by following safety greatest practices.

    What’s SOC 2 Kind II?

    SOC is one in all a number of System and Group Controls audits developed by the American Institute of CPAs (AICPA), the world’s largest member affiliation of accountants. Every SOC take a look at evaluates the validity of a enterprise or service supplier’s safety controls and the operational effectiveness of their programs.

    SOC assessments differ considerably, nonetheless. In response to Forbes journal, SOC 2 “is essentially the most thorough and broadly valued of the three SOC experiences,” and the Kind II accreditation requires “a much more in-depth evaluation” of our knowledge safety protocols than the Kind I. And MPA (Mortgage Skilled America) journal calls SOC 2 Kind II “among the many most coveted and exhausting to acquire information-security certifications.”

    By reaching SOC 2 Kind II compliance, Rockset was in a position to reveal that our data safety and knowledge insurance policies, procedures, and practices will defend our buyer’s knowledge. It exhibits that we’ve taken the correct steps to make sure that knowledge is safe.


    What was included within the audit? At a excessive stage, Rockset was assessed on the themes of Safety, Confidentiality and Availability for the technical infrastructure and firm processes required to supply and help our SaaS service.

    • Change administration:
      Updates to the infrastructure, software, UI and API are linked to documented necessities, and merging of recent code requires peer evaluation.
    • Secrets and techniques administration:
      Encryption keys, passwords and different secrets and techniques are saved securely in access-controlled vaults with permission granted solely on a necessity foundation.
    • Metrics-based alerting:
      Operational efficiency knowledge feeds into real-time dashboards and alerting programs.
    • Safety monitoring:
      Alerts are despatched to the safety workforce on a spread of occasions, together with uncommon outbound connections, anomalous authentication occasions, and suspicious server processes.
    • Hiring, onboarding and off-boarding processes:
      The Individuals Workforce ensures the talents and skills of recent hires match the necessities of every open place, conducts screenings throughout the hiring course of, requests applicable accesses based mostly on position, and make sure these accesses are eliminated when personnel depart the corporate.
    • Entry controls:
      Entry is granted to firm assets based mostly on position, and are reviewed on an ongoing foundation.
    • Vulnerability administration:
      Rockset conducts common Third-party penetration assessments and receives vulnerability experiences from impartial safety researchers on an ongoing foundation. Safety bugs are remediated by precedence and tracked to decision.

    What Does This Imply for You?

    For enterprises trying to carry on third-party service suppliers, Rockset’s SOC 2 Kind II compliance signifies a stage of course of maturity that minimizes threat and focuses on the safety of buyer knowledge.

    Rockset’s SOC 2 Kind II compliance signifies that our threat mitigation contains the event of deliberate insurance policies, procedures, communications and various processing options to answer and get well from any enterprise disruption. With this dedication, Rockset is ready to make sure the influence of any potential threat to our prospects is minimized.

    If you wish to be taught extra about what SOC 2 Kind II accreditation means for you, try this complete record from InfoSecurity Journal.

    Our Dedication to Your Information’s Safety and Privateness

    Earlier than we even based Rockset, we knew that safety and compliance could be entrance and heart when it got here to constructing our knowledge observability platform structure. In actual fact, safety runs in our DNA. A number of of us hail from cybersecurity suppliers like Palo Alto Networks and/or have cybersecurity certifications.

    What’s Subsequent?

    With SOC 2 Kind II, there is no such thing as a “resting in your laurels.” It’s an ongoing dedication. We’re always striving to exceed the requirements, and regularly enhance our safety posture.

    In case you have questions on Rockset’s SOC 2 Kind II compliance, attain out to our workforce at To be taught extra about Rockset’s Safety Design, please go to:

    About Martin Englund

    Martin Englund is the Data Safety Officer at Rockset and member of the Website Reliability Engineering workforce. He holds a CISSP certification and lives by the motto “The query is not when you’re paranoid, it’s in case you are paranoid sufficient”.

    Martin has over twenty 5 years of expertise in safety and automation, and has contributed to quite a few open supply DevOps instruments. Previous to his present position, he has labored as Website Reliability Engineer at Palo Alto Networks and Manufacturing Engineer at Fb.

    Earlier than switching fields to Website Reliability Engineering, he was a Principal Safety Engineer at Solar Microsystems, the place he spent over fifteen years in numerous safety roles all through the corporate, co-authored the Solaris Safety Necessities e-book, and authored a safety patent.


    Please enter your comment!
    Please enter your name here