SOC 2 Type 2

Created by: dcomas

Problem to solve

Security and compliance is a top concern for SaaS users. We need to handle security and data in industry standard and compliant ways

Without SOC2, the majority of our possible (and current) customer will not use our Sourcegraph hosted offering

Scope

Managed instances are our Sourcegraph hosted environment for teams and thus are in scope.

Measure of success

• A SOC2 Type 2 report is available to share with customers and prospects
• We can be confident that all the controls owned by the security team are compliant with the SOC 2 framework requirements.
• The SOC 2 Type 2 tracker items status is green for all the controls the security team owns.

Solution summary

SOC2 Type 2 report validates we have controls in place for SOC2 compliance as validated by a 3rd party audit

Impact on use cases

No impact on use cases

Delivery plan

• https://github.com/sourcegraph/security/issues/2

• https://github.com/sourcegraph/security/issues/3

• https://github.com/sourcegraph/security/issues/4

• https://github.com/sourcegraph/security/issues/5

• https://github.com/sourcegraph/security/issues/26