Nacelle SOC 2

Nacelle is proud to announce that we've received a clean SOC 2 Type 2 attestation report. This rigorous, independent assessment of our internal controls and platform security serves as validation of our dedication and adherence to the highest standards for security, confidentiality, and availability. 

This is an important milestone but is in no way an end to our commitment to our customers and the security of their data. Nacelle views security as the foundation upon which our products are built and upon which trust with our customers is earned and maintained. 

 

What is a SOC 2 Report?

Developed by the AICPA, SOC 2 is an extensive auditing procedure that ensures that a company is handling customer data securely and in a manner that protects the organization as well as the privacy of its customers. SOC 2 is designed for service providers storing and/or processing customer data in the cloud.

There are two types of SOC 2 audits that a company may undergo. SOC 2 Type 1, is an audit of a company's systems, processes, and procedures as a snapshot in time. Type 1 evaluates whether a company's security processes are designed to address the AICPA's trust principles. SOC 2 Type 2 determines whether a company's systems are effective over time. This is the report that a company gets after months or years of being operational, proving that its systems are effectively protected against material breaches over the months or years it has existed. At Nacelle, we wanted to show that we put serious thought into our security systems and that they work. This is why we pursued a SOC 2 Type 2 audit. We wanted to demonstrate to our clients and partners that our security systems have passed the test of time.

Conducted by Sensiba San Filippo LLP, a nationally recognized CPA firm registered with the Public Company Accounting Oversight Board, this attestation report affirms that Nacelle’s information security practices, policies, procedures, and operations meet the rigorous SOC 2 Trust Service Criteria for security, confidentiality, and availability. 

As more enterprises look to process data with cloud-based services like Nacelle, it’s critical that they do so in a way that ensures their data will remain safe. 

Although we have received our SOC 2 Type 2 attestation report, we are committed to continuously improving our systems and processes to keep our data and platform secure. We approach security with the same mindset that we approach the development of our product — never stop improving. If you'd like to learn more about Nacelle and how we serve our customers, please reach out to us!

 

SOC2_Drata 21972-312_SOC_NonCPA