Upholding Trust: Sisu Achieves SOC 2 Type II, HIPAA, and Privacy Shield Compliance

By Jay Laney - April 28, 2020

Today, I’m thrilled to announce four major security, compliance, and privacy milestones that our engineering team has achieved. Starting from the top, we can now offer customers and prospects our Sisu SOC 2 Type II report, assurances that we can meet HIPAA compliance requirements, validation of our Privacy Shield compliance, and finally the Veracode Verified badge.

These milestones are the culmination of months of work by our engineering, operations, and product teams to demonstrate our commitment to upholding the trust of our customers and protecting their data.

We believe that security is a straightforward conversation. To that end, here’s the no-frills summary of what our team has achieved today. This certainly isn’t the end (more on that later), but the whole team here can be proud of what we’ve delivered for our customers.

  • Sisu is SOC 2 Type II certified. We are very proud to share that we have achieved SOC 2 Type II certification, with independent attestation from Linford and supported with daily monitoring from Vanta.
  • Sisu supports HIPAA compliance. Today we are also announcing that the Sisu platform fully supports our customers’ efforts to maintain HIPAA compliance. We can and will enter into Business Associate Agreements (BAAs) with customers.
  • EU-U.S. and Swiss-U.S. Privacy Shield. Sisu is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. While we already support the requirements for GDPR and the California CCPA, gaining Privacy Shield certification further strengthens the confidence international organizations have in using Sisu to accelerate their analysis.
  • Veracode Verified. Finally, we are announcing that our platform and development processes meet the requirements for Veracode’s standard level of certification.

Trust as a Core Principle

From the beginning, Sisu has held the security, privacy, and control of our customers’ data as a first principle. It’s in the founding documents of the company, reflected in the first architecture designs we reviewed, and stands as one of our five core values, “Uphold Trust.”

“Trust is hard to earn and easy to lose. We work hard to earn and maintain the trust of our users, who entrust us with their data and their decisions. We uphold the trust of our partners, our investors, and our team — we do not compromise on trust.”

This is an easy thing to claim, but a hard thing to actually do, day in and day out. I’ve been a part of compliance engineering efforts on other teams, and it’s always a massive undertaking. What I’m particularly proud of here is that everyone was bought in. Even though we already had a solid foundation for this work, we were able to accomplish our Sisu SOC 2 on an accelerated timeline and continue to do both security and product development on a very rapid cadence.

Veracode Verified – Delivering secure code, securely

Beyond how we give customers precise control over their data, we’ve also built best-in-class security practices into how we build, test, and deploy our code at Sisu. To that end, we’ve been working to validate our development processes with Veracode, and I’m very proud to announce that we’re now listed in their Veracode Verified directory.

Our code – and the way we build our platform – is not only a source of value for our company, but for our customers. It’s critical that we protect it from the moment it’s designed, through development and review, and those security considerations are built into every stage of the process. It’s something every member of our team feels ownership over and a key reason we’re consistently rated as one of the most secure analytics platforms available for the enterprise.

Building on a strong foundation

Everything we do at Sisu centers around our “Iterate towards greatness” value, and security is no exception. Great security programs are built around the ideal of continual refinement and improvement. As quickly as the world moves, the work of security has to move quicker to maintain our commitments. Just as these advances build on a strong foundation of GDPR and CCPA compliance in the platform, we’re looking ahead to what’s next. We don’t believe that speed and security are mutually exclusive, and it’s a compelling engineering challenge to ensure we can protect both our customers’ data as well as their ability to adapt to a rapidly changing business environment.

To that end, our entire team is committed to ongoing, aggressive, and unceasing investment in these and future security programs. For more on how we think about security at Sisu and build trust into everything we do, I encourage you to read on in this blog post by Richard Reinders, Head of Security at Sisu.
