FlowFuse is now SOC 2 Type 1 Compliant
FlowFuse's Path to SOC 2 Type 1 Compliance - A Testament to Our Commitment to Securing Customer and User Data.
FlowFuse achieved SOC 2 type 1 compliance! SOC 2, governed by the American Institute of Certified Public Accountants (AICPA), is a crucial framework for organizations handling customer data. An independent audit assessed that FlowFuse's controls are effectively designed and operationally applied. Achieving SOC 2 Type 1 compliance validates our practises as an business and provides our customers assurances we apply the highest standards to ensure their data is protected.
# Improving Our Security Posture
At FlowFuse, we understand that professionalizing Node-RED deployments for our clients means adhering to the highest standards, including SOC 2 requirements. This commitment is at the core of our security philosophy. In a world rife with cybersecurity threats and data breaches, taking information security seriously isn't just an option—it's a critical necessity. Our SOC 2 audit was far more than just a procedural step. It represented a comprehensive, independent third-party validation of our robust controls and processes. We believe in transparency and accountability, which is why we document our policies in our open handbook, inviting scrutiny from vendors and reinforcing trust with our customers. Providing this level of independent audit not only serves our customers better and more efficiently but also offers FlowFuse valuable insights into enhancing our security measures and identifying any gaps in our policies. This proactive approach ensures we continue keeping your data safe and secure at all times. As we continue to grow and evolve, ensuring the security of our systems and data becomes ever more critical. The next step on FlowFuse's journey to provide independant proof we're on the right track: We're currently in the observation phase of the SOC2 type 2.
SOC 2 Type 1 assesses the design of an organization's security controls at a specific point in time, while SOC 2 Type 2 evaluates the effectiveness of those controls over a period of time, typically three to twelve months.
# FlowFuse's Journey to SOC 2 Compliance
# Compliance Partners
The independent audit was performed by Advantage Partners. Their expertise played a large role in our successful attainment of this certification. Before the audit was performed the company went through an extensive process to uncover what policies were missing, required updating, or were already in place. Further, lots of tribal knowledge has been written down and is now enforced by internal policies. For example
- Data Management Policy
- Access Control Policy
- Incident Response Policy
- Human Resources Security Policy
It's been a team effort from engineering to updated HR polices!
Written By:
Published on:
Related Articles:
- FlowFuse 2.0 Release
- Service Disruption Report for October 11th, 2023
- Share & Preview Flows on flows.nodered.org
- FlowFuse announces a Node-RED stack for Industry 4.0 applications on ctrlX AUTOMATION
- FlowFuse Cloud Starter package - The easiest way to get started with Node-RED