Earthly Achieves SOC 2 Type 2 Compliance

We take security very seriously here at Earthly. As a user, you shouldn’t have to worry about a SaaS vendor being sloppy with your business’ data. We have an information security program that has been in place and communicated throughout our organization for quite some time now, and we achieved SOC 2 Type 1 compliance in April 2023 (Read our SOC 2 Type 1 announcement). This announcement is quite late, but we are still excited to announce that Earthly achieved SOC 2 Type 2 compliance on October 26, 2023.

What’s the difference between SOC 2 Type 1 and Type 2?

Service Organization Control 2 (SOC 2) is important for assessing and verifying the controls around the security, availability, processing integrity, confidentiality, and privacy of systems that process user data. This is particularly significant for SaaS providers like Earthly.

There are two types of SOC 2 compliance:

• SOC 2 Type 1 examines and validates the design and implementation of an organization’s controls at a single point in time. This assessment is akin to a snapshot, providing assurance that at a specific moment, the organization had appropriate mechanisms in place to safeguard data in accordance with SOC 2 standards.
• SOC 2 Type 2 goes a step further by evaluating how effectively these controls are maintained and operated over an extended period, typically 6 to 12 months. This type of compliance is more dynamic and ongoing, offering a deeper, more continuous insight into the organization’s operational effectiveness. It requires the organization to not only establish but also consistently apply its controls over time, demonstrating a sustained commitment to data security and compliance.

What Does This Mean for Earthly Cloud Users?

Our SOC 2 Type 2 compliance doesn’t impact the functionality of Earthly Cloud (or Earthly Satellites). Both will continue to work exactly as they always have and as our users expect.

From a non-functional standpoint, SOC 2 Type 2 compliance helps assure our users that they can rely on Earthly Cloud (and Earthly Satellites) for continuous business operations and that downtime and potential disruptions are minimized. It also helps assure users that risks associated with data breaches, unauthorized access, and data loss are mitigated. Also, many industries and companies have stringent regulatory requirements that require SOC 2 Type 2 compliance from SaaS vendors. For those users, it means that Earthly meets their security needs and is a valid option for them to consider and choose.

To request a copy of our SOC 2 Type 2 report, contact security@earthly.dev .