Over the last year, we have focused on ensuring our data security practices meet industry standards. The SOC 2 Report provides independent third-party verification of our rigorous process and assessment of controls designed to protect sensitive client information. It also allows our partners to feel confident that they can rely on NimbleBox.ai as a trusted partner in terms of security.
NimbleBox.ai has received SOC 2 Type II certification from Prescient Assurance Inc., an independent third-party auditor who provides cybersecurity assessment services to vendors like us who want to ensure their products meet industry standards for data protection. They reviewed NimbleBox.ai's security controls, infrastructure, information security practices, procedures, and operations based on the standards set by AICPA. In addition, Sprinto assisted the team at NimbleBox.ai with monitoring business operations and the technology stack, among other essential checks.
Today, we're glad to announce that NimbleBox.ai is SOC 2 Type II compliant for the trust services criteria of security, availability, and confidentiality.
This blog discusses SOC 2, our compliance journey, and what this means for NimbleBox.ai customers.
SOC 2, which stands for Service Organization Control 2, is a voluntary compliance standard for organizations developed by the American Institute of CPAs (AICPA).
It specifies guidelines for organizations to use, maintain and manage customer data and recommends best practices in information security. SOC 2 compliance requires not just adherence to a set of security controls but also meticulous documentation of those controls and continuous monitoring and testing to ensure the controls function as designed.
By adhering to SOC 2's rigorous standards and successfully achieving this milestone, NimbleBox.ai finally celebrates months of hard work by our team.
We have embedded a culture of security into our business. What do we mean by this?
It means we -
This is neither an exhaustive nor a finite list, but our latest SOC 2 Type II compliance makes our commitment to the security of our users' data official.
If you are an existing NimbleBox.ai customer, email us or let us know in your dedicated shared Slack channel to obtain a copy of the report. If you are currently piloting or evaluating NimbleBox.ai, your point of contact can provide you with the SOC 2 audit report under NDA.
We are proud to be SOC 2 compliant, and we believe this is another step in our journey to ensure our customers can trust us with their data. It's also an important recognition for NimbleBox.ai as it demonstrates the quality and maturity of our approach to handling sensitive data.
Following our SOC 2 Type II report, we must get audited annually to ensure we stay compliant. The next step for NimbleBox.ai's investment in security is getting ISO 27001 certified.