#426 Building Trust: Starting Our SOC-2 Journey
Friday Ship #426 | January 17th, 2025
This week we evaluated tools in prep for a SOC-2 audit.
In 2023 and 2024, we concentrated on migrating from Digital Ocean to Google Cloud, making our infrastructure more robust (All in on Postgres, Twin databases, half the hassle) and improving our deployment process. As a result, we have a stable and reliable platform, and our developers release new features whenever they want.
We have always built our infrastructure to be as safe as possible, following best practices, but in recent years we have seen customers increasingly require SaaS companies to comply with a framework such as ISO 27001, SOC-2 or others. Security has also become a main focus for companies, as tools gain access to more and more critical information.
In 2025, our focus is on additional security and compliance, to make sure our customers feel safe when using our platform and trust us with their data.
The Compliance Ocean
There are a lot of compliance frameworks out there: ISO 27001, ISO 27017, HIPAA, GDPR, HITRUST, SOC-2 and many more.
Parabol serves all types of companies around the world, but our main fishing ground is the United States of America. That is why, out of the many available compliance frameworks, we chose to start with SOC-2.
SOC-2 is a well-known framework from the AICPA & CIMA that verifies you comply with a set of security controls. Those controls are audited once a year, and each company can choose between:
- A one-shot audit that produces a SOC-2 type I report. It shows that you have everything in place to be compliant, both on the technical side and in documentation and procedures, but it doesn’t verify that you are actually following those procedures.
- A three-month audit that produces a SOC-2 type II report. The auditor verifies not only that the company is technically secure but also that it follows its procedures.
Then, the certified company can share that report with its customers, who can trust that everything is done correctly to keep their data safe. As we want our customers to feel as safe as possible, we are going to pursue a SOC-2 type II report, with a three-month audit.
Getting SOC-2 certified isn’t easy or fast: it requires us to document all our processes, pass a number of technical checks that verify the security of our infrastructure, including a penetration test, and implement management procedures related to onboarding and offboarding of personnel and workstation checks. This can be a challenge for a startup of our size, but we are happy to take it on for the sake of our customers and to improve as a company.
We are just starting the process, evaluating the available tools in the market to help us with it, and we are really excited to see what’s ahead of us.
Metrics
We are still seeing the trailing effects of the slow holiday season in our monthly numbers, but it’s good to see our weekly meetings bouncing back as people return to their regular routines.
This week we…
…opened our T3 Company Retro to gather reflections.
…added a new Retro Template – “I like, I wish, I wonder.”
Next week we’ll
…continue our progress on migrating to TipTap so we can add images and GIFs!