Security is an integral part of our DNA, both in our products and in our internal processes. Whether it's your company data or your users' data, you trust us to protect your most important information. That's why security and privacy have always been top priorities. From the beginning, we've worked closely with experts on application security assessments, security architecture reviews, and network penetration testing.

Today, we are pleased to announce that we have received our SOC 2 Type II report, reaffirming our commitment to security and making all of our security efforts transparent to our users. As the engineer responsible for our SOC 2 technical controls, I'm here to explain in detail what this means for you and how we protect your data.

What is SOC 2 Type II certification?

The SOC 2 Type II audit is an industry-recognized security certification for software-as-a-service (SaaS) companies. It validates that your data is secure, safe, and controlled with WEDO. The 6-month long audit involved a thorough analysis of our controls, the tests we perform to assess their effectiveness, and the results of those tests.

Why SOC 2 now?

As remote working has become the norm, employees need to be able to access work data securely from anywhere. For many early-stage startups, it’s tempting to treat security as an afterthought. After all, growth comes first, but we can’t just ignore the seriousness of security. With many recent examples of security breaches, nobody can ignore the cybersecurity threats.

Through this process, we were able to prove our dedication to protecting customer data, ensuring our systems are reliably built, and creating a secure product while scaling.

What is the content of the report?

In essence, this report confirms that WEDO meets the highest industry standards for information security. It was written by a rigorous independent auditor, and includes detailed explanations of our:

• Strong authentication controls and limited access to data - We request strong authentication on all critical systems, and limit access to customer data to those who need it to do their job.
• Continuous monitoring of controls and response to incidents - We conduct ongoing compliance monitoring to ensure that the key configurations underpinning our controls are in place, and that we are able to respond quickly to any issues that may arise.
• Employee Safety Awareness - We conduct background checks on employees prior to hiring and provide safety training at onboarding and on an ongoing basis.

Ongoing efforts

SOC 2 compliance is not a one-time thing, it's a commitment. And we must remain flexible as we evolve. As we hire more people in more specialized roles, the SOC 2 process will help us establish checkpoints and ensure that security defines every move we make.

If you are a WEDO customer and would like to learn more, contact us via support or by emailing security@wedo.swiss to request access to our full SOC 2 Type II report. And if you are considering integrating WEDO into your organization, you can contact the sales department here.

For more details on our security and privacy commitments, click here. And of course, we are always happy to answer questions on this or any other topic at info@wedo.swiss.