SOC 2 Type 2 Report

Cybersecurity is at the heart of the Betty Blocks platform. As of 2024, our company has obtained a SOC 2 Type 2 (System and Organization Controls) report to attest to data security excellence. This lays down the brickwork for our customers to pursue digital transformation and build their applications in a safe and secure environment.

More information on SOC 2 Type 2?

Do you have any further queries or wish to know how obtaining our SOC 2 report benefits your business? Don't hesitate to get in touch with us.

Contact us

Why we are SOC 2 certified

The System and Organization Controls standards are maintained by the American Institute of Certified Public Accountants (AICPA), making the report one of the highest attestations of cybersecurity within the field. The Betty Blocks platform is used by organizations from all types of regulated industries, such as finance, legal, government, and more. To support them in pursuing their innovative technological endeavors, the SOC 2 attestation ensures that all data hosted on the platform is handled according to the standards set out by the AICPA. With this stamp of approval, the Betty Blocks platform is confirmed to have the designated security tools in place to demonstrate proper handling of customer and application data.

SOC 2 reports are unique to each business, and the criteria have been tailored to benefit our users and their needs. To bolster the practice of safeguarding customer information, Betty Blocks has obtained its SOC 2 attestation based on the following criteria:

Security

Having the necessary security controls in place is vital to obtaining a SOC 2 attestation and is thus mandatory for any SOC 2 report. When it comes to protecting against unauthorized access, data removal, and malicious attacks, Betty Blocks has proven that it has robust safety measures in place. The platform provides security tools such as access controls (SSO/2FA), intrusion detection, anti-virus protection, and firewalls.

Availability

Given that our services are fully cloud-based, we are committed to ensuring round-the-clock uptime so that customers can access the Betty Blocks platform. The SOC 2 audit has confirmed that we provide the necessary policies on backup systems, data recovery, and business continuity should a security issue arise.

Processing integrity

Our platform is dedicated to delivering the right tooling so that our customers can deliver the right results. We adhere to industry standards of processing integrity, and our SOC 2 auditor has established that all components within the Betty Blocks platform function as per design in a reliable, accurate, and compliant manner. This is vital to ensuring that all our customers have access to their products, services, and data. 

Confidentiality

In line with the data security protocols that protect customer data, the Betty Blocks platform also has processes in place to handle confidential information such as source code, user details, and passwords. Permission settings can be configured as necessary so that information hosted on the platform can only be accessed by authorized employees.

Privacy

Betty Blocks has taken the necessary measures to protect any personal information stored on the platform from data breaches through both physical (on-premise) and virtual means (access controls, encryption, GDPR compliance, etc.). Data retention is also in line with all NDAs or contractual agreements with our customers.


How does this impact Betty Blocks customers?

SOC 2 compliance is crucial for providing customers with trust and transparency while upholding the guarantee that their data is safe with Betty Blocks. Having been awarded the SOC 2 attestation, Betty Blocks has proven it takes customer data seriously as a SaaS platform and has the necessary protocols in place to swiftly respond to unauthorized access, data breaches, or other cybersecurity-related threats.  

By securing evidence of SOC 2 compliance, our platform can continue to be optimized for data security to provide higher customer satisfaction. Following the successful completion of the audit, we’ve been able to align on industry best practices, which helps our clients based in regulated industries to meet their own compliance requirements when creating applications with the Betty Blocks platform.

Paramount governance

One of the key features of our low-code platform is the extensive governance settings. To uphold data integrity, it is crucial that company information is only accessible to authorized employees for whom the information is deemed relevant. We offer customizable access settings based on role, department, seniority, and responsibility to ensure that organizations can set their own data security policies. These measures have passed the SOC 2 audit, thus inspiring a greater level of trust within our customer base. 

SOC 2 attestation FAQ

Is a SOC 2 report mandatory to operate a low-code platform?

It is not mandatory for SaaS businesses to obtain a SOC 2 attestation. Here at Betty Blocks, we wish to inspire the highest level of trust and transparency in our customers so that they can build their applications with confidence. 

Who is the SOC 2 auditor for Betty Blocks?

The SOC 2 Type 2 audit was performed by Mathison.

For how long is the SOC 2 attestation valid?

A SOC 2 Type 2 attestation has no explicit validity period. The report considers a specific reporting period (in our case, December 2023 through May 2024) during which we have demonstrably implemented and effectively operated all applicable controls required to meet the AICPA Trust Services Criteria objectives. It is up to each organization to determine how long after the issuance of the report they are willing to accept the report as being valid. If desired, Betty Blocks management can issue a gap letter to close the period between the issuance of the latest report and a specific moment in time.

Why is a SOC 2 attestation important for Betty Blocks?

By having a third party audit our security standards and confirm that they are up to industry standards, we are better able to align on how to improve the way we protect customer data in the future. This allows us to stay ahead of the curve and put continuous efforts towards data security.

What is the difference between SOC 2 and SOC 1?

The difference between the two attestations is that SOC 2 considers a broad range of requirements as specified by the AICPA Trust Services Criteria, while SOC 1 focuses on an organization's financial controls.

What is the difference between a Type 1 and a Type 2 report?

A SOC 2 Type 1 report evaluates whether an organization has implemented controls to meet the Trust Services Criteria control objectives at a certain point in time (a snapshot). A Type 2 attestation evaluates the implementation and effectiveness of these controls over a period of time (e.g. a period of 6 months).

What other security measures does Betty Blocks have?

To bolster our efforts towards cybersecurity even further, we’re also ISO 27001 certified.
