Airplane has completed our SOC 2 Type I audit

AICPA SOC logo

At Airplane, as of this week, we've completed our System and Organization Controls (SOC) 2 Type I audit.

For the entire time that we've had customers using our product, we've taken industry-standard security practices. Our security efforts are led by our CTO, Joshua Ma, who has significant experience building world-class products with world-class security in his 7 years as CTO of Benchling, a life sciences SaaS company.

Our customers rely on Airplane to define, operate, and secure operations in their company that are important and often sensitive. That's why we launched with application-layer security features SSO support, group-based permissions, and approval flows. It's important that Airplane's security program reflects that as well.

Our security policy can be found here.

The SOC 2 audit is recognized industry-wide as one of the highest standards of information security compliance in the world. The System and Organization Controls are defined by the American Institute of Certified Public Accountants (AICPA). Third-party auditors can use these criteria to validate information security at companies like Airplane. The final product of the audit is a SOC 2 Audited Report, which represents the auditor's view on how well that organization's security controls meet these criteria.

We worked with a third-party auditor who reviewed our internal security controls. They looked at our policies, procedures, and infrastructure regarding change management, logical access, backup and disaster recovery, security incident response, data security, and other areas of our business. Prior and throughout the audit, we worked with a firm called Secureframe, as well as the hard work of everyone on the Airplane team, to ensure that we were following industry-standard security practices.

We're proud to announce that we successfully achieved compliance and received an Auditor’s Report demonstrating that our policies, procedures, and infrastructure meet or exceed the SOC 2 criteria.

This is just one small part of our security practice here at Airplane. We'll be kicking off our SOC 2 Type II audit next, and in the future, we'll tackle HIPAA compliance as well.

Please contact us at hello@airplane.dev for more details or to access the report.