May 6, 2025

Masthead is SOC2 compliant. What does it actually mean?

Yuliia Tkachova
Co-founder & CEO, Masthead Data


To be frank with you, as a technical founder I couldn’t fully appreciate this before. We built Masthead specifically to not access clients’ data – we don’t ask for permissions to query (read) or, God forbid, edit clients’ data. I was confident this approach was sufficient since we never process or see client data, which has actually taken us quite far, thanks to our enterprise customers across healthcare, fintech, consumer goods, and other industries.

What I didn’t appreciate enough was that SOC2 isn’t primarily about the product – it’s about organizations and how they operate. It examines how you’re prepared to handle different risks, whether your employees know how to respond to phishing emails, what cloud security measures you have in place, and so on. The larger your organization, the more challenging implementation becomes – more employees, more processes, more things to worry about.

The certification process wasn’t particularly lengthy for us, but it was definitely tedious. I want to thank our CTO Sergii, who was conscious from day one about implementing proper Cloud Policies and network measures, which significantly simplified the certification process and all the paperwork involved.

More importantly, I want to express my gratitude to all our customers who trusted and worked with us even before we achieved this obviously important organizational milestone.
