We're thrilled to announce that Knock is now SOC 2 Type II compliant, having successfully completed our audit between August and November 2021. We have our report in hand, and we're happy to share it. Please email security@knock.app if you'd like access.
What is SOC 2?
SOC 2 is an information security standard that looks at the controls we have in place for the security, availability, and privacy of our data. There's a great blog post from our friends at WorkOS if you'd like to learn more.
Tools for compliance
In the past, both Sam and I were involved with the SOC 2 compliance process at Frame.io, which took a large amount of company time and resources. We tracked the closure of security gaps in spreadsheets, and any automations we managed as part of that process were homegrown.
Fast forward four years and it's thankfully gotten a lot easier to manage a SOC 2 compliance process. We went into our audit preparation with the goal of automating our SOC 2 controls process to the greatest extent possible, both to make this (and future) audits easier on our team, and to ensure we had proactive controls in place to alert us to security gaps moving forward. To enable that automation, we selected Vanta as our compliance partner. It automates a lot of the compliance process work and it centralizes security control monitoring for the software we use to run Knock.
If you're a founder looking to go through this process yourself, feel free to get in touch with us. We have opinions and learnings to share.
Security is our priority
At Knock we have invested in the security of our service from day zero, and this SOC 2 certification is a recognition of that. That said, we know that this certification is just a step along the journey of continually ensuring the security of our service. You can expect an ongoing effort (and further updates) from our team here in the future.
If you'd like to learn more about our security practices, you can do so on our security page.