After weeks of planning and work, we are excited to announce that all CometChat Pro products are now SOC 2 Type 1 certified. Our audit assures that CometChat is compliant with all 5 principles of SOC 2 certification.
Principles of SOC 2 Compliance
1. Security
CometChat has taken the steps to ensure both endpoint security and information security.
Our endpoint security policy stipulates that all endpoint systems use antivirus software, be updated with the latest firmware, have hard disk encryption enabled with automatic screen-lock, and be protected by strong passwords.
Additionally, our information security program ensures that all staff receive security incident response training and that all devices used with the company are physically secured. More specifically, our data security policy stipulates that all data be classified into groups ranging from lowest to highest sensitivity, and that all data be regularly backed up and safely retained.
2. Availability
CometChat’s API system is available 24x7 through our website and web app beyond the minimum acceptable performance threshold as defined in our service agreement. Our APIs are hosted on AWS, which guarantees high uptime and availability of our network and support to address security incidents.
3. Confidentiality
CometChat has a confidentiality policy stipulating that confidential and personal information is secured at all times, can only be viewed using secure devices, and is disclosed on a strictly need-to-know basis.
4. Processing Integrity
CometChat maintains high standards in all its system and data processing practices, ensuring complete and accurate delivery of information and correction in case of any errors.
5. Privacy
CometChat has a SOC 2 compliant legal privacy policy that stipulates how personal data can be used, why it can be used, and with whom it can be shared.
What This Means for Our Customers
This is good news because CometChat being SOC 2 Type 1 certified, in addition to being GDPR & HIPAA compliant, means that companies and individuals using our products and services can rest assured of the privacy and security of their and their customers’ data.
SOC 2 is the gold standard in customer data privacy and security controls and certifies that we employ industry best practices for data security and privacy.
But more importantly, all service organizations with SOC 2 compliance require all third-party services to comply with the same standard of data security and privacy practices. Therefore, any such organization or business that wishes to integrate in-app chat into their website or app can now confidently put CometChat at the top of their list.
Ensuring the security and privacy of our clients’ data is a key objective for CometChat.
CometChat's SOC 2 Report
Our SOC 2 Type 1 audit report provides details about personnel security policies, internal information security management systems, perimeter defense mechanisms, control environment, and IT asset management practices to assure business partners and customers about the safety of using our service.
All our customers may request a copy of the SOC 2 Type 1 report, which verifies the high standards of our systems and data protection practices, subject to a non-disclosure agreement and CometChat’s discretion. Please get in touch with our team to raise a request and we will be happy to help.
To learn more about SOC 2 compliance, head to this article.
About the Author
Kushal is an engineer turned content marketer with great enthusiasm for technology. He has worked with engineering, product and marketing teams to create and launch software products. Currently, Kushal is a senior marketer at CometChat trying to create value for the software developer community.
Kushal Khandelwal
CometChat