Understanding SOC 2 Type I Compliance for Iterate

Compliance with the Statement on Standards for Attestation Engagements (SSAE) No. 18, also known as Service Organization Control (SOC) 2 Type I, is increasingly important for software and cloud-based services. At Iterate, we are proud to say that our product is SOC 2 Type I compliant.

The American Institute of Certified Public Accountants (AICPA) created the SSAE No. 18 to define a control framework which meets the requirements of the Federal Information Security Management Act (FISMA). SOC 2 reports are based on the SSAE No. 18 and provide assurance that service organizations and products meet the trust principles of security, availability, processing integrity, confidentiality and privacy.

SOC 2 Type I examines the suitability of a service organization’s system description, documenting and evaluating the suitability of the design of controls to meet the trust principles. The Type I report is based on a point-in-time assessment, which is done at the beginning of the audit.

Iterate undergoes annual external audits to verify its SOC 2 Type I compliance. A publicly available report from an independent auditor is available that contains details about the product’s SOC 2 Type I compliance, and the report verifies that the organization has established and maintained effective internal controls.