Glean successfully completes a SOC 2® assessment
This blog outlines what a SOC 2 report is and what it means for Glean.
2 min read Published: 10 Aug 2023At Glean, we continually invest in security best practices to ensure that our customer data stays safe and secure. As a part of an ongoing effort, we are excited to announce that we’ve successfully completed our SOC 2 assessment!
The examination was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 2,500 global organizations to help mitigate cybersecurity risks. A-LIGN did an incredibly thorough evaluation of our operations: they interviewed employees, observed processes, inspected documentation, and much more.
So, what is a SOC 2 report and what does it mean for Glean? In this article, we will walk you through the ins and outs of a SOC 2 report and how the report symbolizes trust to customers.
What is a SOC 2 report?
A SOC 2 report addresses risks associated with the handling and access of data, and can be used by a variety of organizations of any size (e.g. SaaS, colocation, data hosting, etc.) Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how an organization implements and manages controls to mitigate the identified risks to the different parts of an organization.
The SOC 2 audit testing framework is based on the Trust Services Criteria (TSC), which are used to identify various risks (points of focus) an organization should consider addressing. Based on the TSCs the organization selects to be in-scope, the third-party compliance and audit firm (in our case, A-LIGN) evaluates whether the organization has the appropriate policies, procedures and controls in place to manage the identified risks effectively.
There are five Trust Services Criteria. The first criteria, Security, must be included with every SOC 2 report and is referred to as the “Common Criteria”. The remaining four are optional to include:
- Security (required)
- Availability (optional)
- Processing Integrity (optional)
- Confidentiality (optional)
- Privacy (optional)
In order to pass a SOC 2 examination and receive a letter of attestation successfully, it means an organization is addressing controls in areas such as information security, access control, vendor management, system backup, business continuity and disaster relief, and more.
Glean was audited on the Security Trust Services Criteria.
Why do we need SOC 2?
With one of our core values being trust, we knew that completing a SOC 2 was imperative. Today, many organizations outsource their business operations and services to third-party vendors, possibly putting client data at risk. For this reason, organizations request that their vendors achieve SOC 2 compliance to demonstrate rigorous IT security standards.
Know your data is safe and secure with Glean
Glean will happily make the SOC 2 report available to current or potential customers upon execution of a non-disclosure agreement.
We hope the steps we have taken help you and your IT teams remain confident in knowing that your data is secure with Glean!
To learn more about our security policies and initiatives, please see www.glean.co/security
More from Glean News
View AllSimplify studying with AI Outline
Discover how AI Outline can make study sessions more manageable, helping you to focus on learning without feeling overwhelmed.
Glean meets ESSA level 4 criteria
As an organization driven by our mission to make learning quicker and easier for everyone, Glean is always searching for avenues to prove our impact. In collaboration with LXD Research, we've been able to start that journey.
Building Glean as a force for good
At Glean, we're always looking for innovative ways to better serve educators across the globe. Our commitment to their success has been recognised time and again by national and global bodies, here we explore why we continue to be lauded as learning leaders.