By Jay Laney - April 28, 2020
Today, I’m thrilled to announce four major security, compliance, and privacy milestones that our engineering team has achieved. Starting from the top, we can now offer customers and prospects our Sisu SOC 2 Type II report, assurances that we can meet HIPAA compliance requirements, validation of our Privacy Shield compliance, and finally the Veracode Verified badge.
These milestones are the culmination of months of work by our engineering, operations, and product teams to demonstrate our commitment to upholding the trust of our customers and protecting their data.
We believe that security is a straightforward conversation. To that end, here’s the no-frills summary of what our team has achieved today. This certainly isn’t the end (more on that later), but the whole team here can be proud of what we’ve delivered for our customers.
From the beginning, Sisu has held the security, privacy, and control of our customers’ data as a first principle. It’s in the founding documents of the company, reflected in the first architecture designs we reviewed, and stands as one of our five core values, “Uphold Trust.”
“Trust is hard to earn and easy to lose. We work hard to earn and maintain the trust of our users, who entrust us with their data and their decisions. We uphold the trust of our partners, our investors, and our team — we do not compromise on trust.”
This is an easy thing to claim, but a hard thing to actually do, day in and day out. I’ve been a part of compliance engineering efforts on other teams, and it’s always a massive undertaking. What I’m particularly proud of here is that everyone was bought in. Even though we already had a solid foundation for this work, we were able to accomplish our Sisu SOC 2 on an accelerated timeline and continue to do both security and product development on a very rapid cadence.
Beyond how we give customers precise control over their data, we’ve also built best-in-class security practices into how we build, test, and deploy our code at Sisu. To that end, we’ve been working to validate our development processes with Veracode, and I’m very proud to announce that we’re now listed in their Veracode Verified directory.
Our code – and the way we build our platform – is a source of value not only for our company, but for our customers. It’s critical that we protect it from the moment it’s designed, through development and review, and those considerations are part of every step of the process. It’s something every member of our team feels ownership over and a key reason we’re consistently rated as one of the most secure analytics platforms available for the enterprise.
Everything we do at Sisu centers around our “Iterate towards greatness” value, and security is no exception. Great security programs are built around the ideal of continual refinement and improvement. As quickly as the world moves, the work of security has to move more quickly to maintain our commitments. Just as these advances build on a strong foundation of GDPR and CCPA compliance in the platform, we’re looking ahead to what’s next. We don’t believe that speed and security are mutually exclusive, and it’s a compelling engineering challenge to ensure we can protect both our customers’ data and their ability to adapt to a rapidly changing business environment.
To that end, our entire team is committed to ongoing, aggressive, and unceasing investment in these and future security programs. For more on how we think about security at Sisu and build trust into everything we do, I encourage you to read on in this blog post by Richard Reinders, Head of Security at Sisu.