Oleria achieves accelerated SOC 2 Type 2 Certification 

At Oleria, trust — not only in our technology, but the people and processes behind it — is our number one priority. That’s why we took a unique approach to accelerate our SOC 2 Type 2 audit, and today can give our customers the full assurance that Oleria is officially SOC 2 compliant. This rigorous independent audit validates that Oleria provides the controls to protect our customers’ data availability, confidentiality and integrity — and can stand as a pillar of our customers’ modern security posture: foundational identity security built on its own strong identity security.

Oleria’s completion of the SOC 2 audit on a dramatically shortened timeline compared to other best-in-class security startups demonstrates Oleria’s focus on building trust into the fabric of the platform — including proactively deploying the tools, protocols, and continuous monitoring and validation to meet the highest cybersecurity standards and earn our customers’ confidence from the very start.

Practicing what we preach: Secure innovation at speed

One of our core beliefs is that organizations should not have to choose between security and agile innovation. We put that belief into action from Day 1 in the development of the Oleria Trustfusion platform and Oleria Adaptive Security solution.

While many early-stage SaaS companies prioritize rapid development of customer-facing features above all else, Oleria concurrently invested heavily in laying the internal foundation that allows us to monitor and respond quickly to security events.

We refused to cut corners in building our back-end security infrastructure, best-in-class partners solutions from Wiz, Crowdstrike and Drata, among others, to help us monitor all our environments. Rather than the typical start-up approach of deploying controls in a limited manner to control costs, we committed to deploying tools like EDR, cloud security posture management across all devices very early on.

Strong evidence of security controls shortens SOC 2 audit timeline

That early investment is paying off as we’re proving that secure innovation at speed is not only possible, but eminently practical.

In the past 12 months, we built Oleria Adaptive Security from the ground up, successfully deployed the beta solution in several customer environments, and officially launched for general availability in April. 

Because we simultaneously prioritized building out our secure infrastructure, we were able to provide high-quality evidence to independent auditors to demonstrate our security controls and complete the SOC 2 Type 2 audit process in just two months. This process takes the typical SaaS cybersecurity company at least six months to complete.

What is SOC 2 Type 2 Certification? 

SOC 2 certification has become a must-have for any type of SaaS cloud company worldwide—and particularly critical for a SaaS cybersecurity company like Oleria. Developed by the American Institute of CPAs (AICPA), SOC 2 is a cybersecurity compliance framework that ensures third-party service providers (and cloud service providers, in particular) store and process customer data in a secure manner.  

SOC 2 defines criteria for managing customer data based on five “trust service principles”: 

• Security: Information protected from physical and digital unauthorized access. 
• Availability: Customers have continuous access to their information in the system. 
• Processing integrity: Information processed in a timely manner.  
• Confidentiality: Sensitive and/or regulated information secured with appropriate controls. 
• Privacy: Process align with the company’s privacy notice and any relevant data privacy regulations. 

What is the SOC 2 audit process? 

The SOC 2 report provides detailed information on Oleria’s internal controls for safeguarding customer data. More specifically, SOC 2 expands on SOC 1 by auditing those internal data controls over an extended time period to prove they continually meet the SOC 2 criteria. 

Per the SOC 2 requirements, Oleria engaged an external auditor, Assurance Lab, to conduct the rigorous audit. We used Drata for continuous monitoring of our compliance and to centralize the audit documentation, providing Assurance Lab with comprehensive data to demonstrate our high-level security protocols and consistent practices that meet the security, availability, processing integrity, confidentiality, and privacy standards to protect our customer data in accordance with SOC 2. 

Benefits of SOC 2 Type 2 for Oleria customers 

The external validation and SOC 2 certification of Oleria provides several benefits to our customers: 

• Enhanced security posture: Oleria customers are assured that Oleria’s identity security solution adheres to industry-leading security standards. 
• Demonstrably effective controls: Our SOC 2 Type 2 report (available by request) details the controls that we have implemented to protect your data’s availability, confidentiality and integrity. 
• Identity security built on strong identity security: Notably, SOC 2 confirms that Oleria’s own identity and access management (IAM) program is comprehensive, robust and effective. In other words, Oleria’s SOC 2 certification validates that Oleria’s adaptive identity security solution is founded on our own strong identity security practices.  

Security is a journey, not a destination 

SOC 2 Type 2 certification is an important milestone for Oleria as it demonstrates the secure foundation beneath the Oleria Trustfusion Platform. This reinforces confidence in the Oleria Adaptive Security solution, giving our customers peace of mind while allowing them to meet their own security requirements around working with SOC 2-compliant third-parties. 

But we know that trust must be continually earned. Just as we’ve done from Day 1, we will continually invest in pursuing the highest standards and certifications in the cybersecurity domain, to evolve and advance the most trusted adaptative identity management platform for our customers. 

To read more about Oleria’s strong foundation of internal security controls, visit the Oleria Trust Center.

Schedule a demo today to see how Oleria can give your organization the modern identity security capabilities to drive secure innovation at speed.