Foxglove Receives SOC 2 Certification

Announcing our newest security practices and data protection measures

Esther Weon ·

5 min read

Published October 13, 2022

Foxglove is now SOC 2 Type II compliant! After undergoing an audit according to AICPA standards, we’re excited to announce that our security processes, data protection protocols, and privacy controls met the rigorous criteria of this accepted industry standard.

What is SOC 2?

SOC 2 is an independently conducted auditing procedure that ensures service providers like Foxglove manage our customers’ data securely – to protect both your privacy and the interests of your organization.

This voluntary compliance standard evaluates vendors on five trust service principles:

Security
- Protecting systems against unauthorized access
- Examples: Firewalls, two-factor authentication, and intrusion detection
Availability
- Making systems and services accessible in accordance with a service level agreement (SLA)
- Examples: performance monitoring, disaster recover, and security incident handling
Processing integrity
- Delivering accurate data in a timely and authorized manner
- Examples: Quality assurance and processing monitoring
Confidentiality
- Limiting data access and disclosure to authorized parties
- Examples: Data encryption, access controls, and firewalls
Privacy
- Using, retaining, disclosing, and disposing of personal information in accordance with an organization’s privacy notice
- Examples: Access control, two-factor authentication, and data encryption

In addition to these five criteria, there are two types of SOC 2 compliance certification that a company can receive:

Type 1
- Compliance at a point in time
- Describes whether a vendor’s systems meet relevant trust principles
Type 2
- Compliance during an observation window (6 months to 1 year)
- Details the operational effectiveness of these compliant systems

SOC 2 reports are unique to each organization. Our team at Foxglove implemented controls to comply with the trust principles, so that we could provide information on how we manage and protect your data.

Why did we get SOC 2 certified?

As a developer tools company specializing in robotics data storage and visualization, Foxglove is in the position of handling many different categories of sensitive customer data. Not only do we help our customers store mission-critical robotics data, we also handle their personal contact data, team information, and application data.

As a result, getting SOC 2 Type II certified was a no-brainer for us. We are committed to protecting the sensitive data you entrust to us, and we want to do this by meeting the industry’s highest standards for these protocols. We feel very strongly about prioritizing security as we build out our team and products, and this audit was a natural progression of that commitment.

In pursuing this certification, we took a close look at our products from every possible angle – like system design, server architecture, access controls, and authentication flows – to ensure that they would secure and protect your data at every step. We made concrete changes like adding audit logs, improving monitoring, and documenting our alert policies, so that we would be prepared to sustain this level of compliance well into the future.

What’s next?

While SOC 2 compliance isn’t a requirement for Foxglove or any other company, we believe strongly in protecting and securing our customers’ data. Our hope is that this certification gives you even more confidence in how we handle and protect your most sensitive data.

To remain SOC 2 compliant, we will be completing annual audits, verifying our practices over the prior 12 months, going forward. No matter how much our team and products change and evolve, you can trust that our software and practices are backed by the peace of mind that this certification affords. We hope you stay tuned!

If you require a full copy of our SOC 2 report, please don’t hesitate to contact our sales team.