Enterprise-ready security: SOC 2 compliance and more

Some of the most innovative companies in the world—across industries like e-commerce, finance, and technology—trust Assembled to help them deliver exceptional customer support at scale. For companies like Stripe and GoFundMe, security and compliance is more than just a box-ticking exercise—it's an extension of their end users' trust. Moreover, Assembled has "grown up" in a world with data protection and privacy regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

As a result, we've prioritized building with best practices from day one, from securing our platform to implementing mature internal processes. Today, we're pleased to announce our SOC 2® Type II certification along with a number of other security features.

SOC 2 Type II Compliance

For the period June 1, 2020 to November 30, 2020, The Cadence Group, an industry-leading advisory and compliance specialist, reviewed our practices and controls. After a thorough examination, we've received a SOC 2 Type II report indicating our compliance with the "Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy" as laid out by the American Institute of Certified Public Accountants (AICPA).

In short, the SOC 2 report is the end result of a detailed AICPA assessment of the security, availability and integrity of the systems that an organization uses to process user data as well as the privacy and confidentiality of that information. It considers how privacy and security issues—from user-facing interfaces like two-factor authentication and access control to back-end processes like encryption, incident handling and performance monitoring—impact Assembled and provides crucial auditing of our existing systems.

As part of this process, we've engaged or expanded our presence with a number of best-in-class providers to harden our security and compliance program:

• Doyensec: An independent security research and development company focused on vulnerability and discovery and remediation.
• Vanta: An automated security and compliance platform that provides monitoring for cloud infrastructure configuration, employee access, and more.
• Coalition: A cybersecurity and insurance firm that provides comprehensive coverage, cybersecurity tools, and 24/7 incident response.
• Cloudflare: A holistic web performance and security company that we utilize for application security as well as network security.

Improvements in security and stability

In addition to changes made within the scope of SOC 2 compliance, we've also made a number of major improvements to the security and stability of our platform. Many of these are invisible but help keep our systems and your user data safe, including upgrades to our backup infrastructure and a rollout of cross-site request forgery (CSRF) tokens, which prevent a class of exploits that abuse certain functions of web browsers.

Some of these are user-facing, such as support for Single Sign-On (SSO) via Google, which is accessible from our Login page.

You can view the results of all our work at our status page, which displays live and historical uptime, at https://status.assembled.com/.

What's next

No single certification or examination represents the end of our commitment to privacy and safety. Aside from continuing to maintain our existing certifications, we’re also constantly making changes to improve our security and compliance posture. You can follow along with our dedicated, evergreen Security page.