Back to blog

Data Security @ Eppo

Eppo provides product & data teams with the tools that help turbocharge their experiments. We know that internal teams handle sensitive data on a daily basis so we understand how important it is to establish the proper controls to protect your information. Thus, we have built a culture that’s deeply rooted in security and trust.

In addition to securing our network physically and virtually, Eppo ensures the privacy and security of our customers' data — before data is stored in our systems, all sensitive information is anonymized and aggregated. Furthermore, we’ve taken steps to ensure your data is protected from potential threats and security breaches.

What is a SOC2 Report and Why does it matter?

A SOC 2 report signifies that an organization adheres to industry best practices related to the following criteria: security, availability, processing integrity, confidentiality, and privacy of data.

External audits are an excellent way for organizations to regularly check for flaws in their respective systems. At Eppo, we wanted to ensure that our security measures pass the standards set forth by the American Institute of CPAs (AICPA).

Our SOC2 Journey

We began our SOC 2 certification process in November 2021 and we were able to secure our SOC 2 Type 1 report by January 2022! The report was a big win for the team as it represents Eppo’s commitment to protecting sensitive customer data and it allowed our team to start taking on customers.

This month, we are proud to announce that Eppo has also obtained a SOC 2 Type II report! We were able to bag the ”gold standard for security reporting”.

The full report describes our suite of controls for securing and handling customer data, including but not limited to:

  • Employee recruitment, onboarding, offboarding & termination processes
  • Privileged access to the production network, application, operating system, and databases
  • System monitoring, vulnerability management, disaster recovery protocols
  • Incident response, documentation, & communication

Eppo’s SOC 2 Type I & II examination was performed by Dansa D’arata Soucia LLP and facilitated by Vanta.