
Sonatype now SOC2 certified

As 2022 continues to raise questions about cyber stability, Sonatype has taken steps to ensure that the security practices in place for ourselves and our customers meet ongoing quality and rigorous standards.

We have joined the ranks of many other major software companies with 3rd-party security audits. Our compliance effort has expanded with the System and Organization Controls (SOC) 2 to help establish and maintain partner and customer success.

What is the SOC2 certification?

Created by the American Institute of Certified Public Accountants (AICPA), SOC 2 helps ensure that best practices are followed not only when there's time and budget, but in actual, ongoing use.

This audit framework is built around five Trust Service Principles:

- Security
- Availability
- Confidentiality
- Processing integrity
- Privacy

Why is SOC 2 important?

Building security tools for other companies demands high-quality security practices in your own environment. Analysis by third parties helps demonstrate good discipline as Sonatype's services portfolio continues to grow. As with ISO, these standards put everyone in the industry on even footing and encourage ongoing security focus.

Ongoing security steps and checks are part of our product development hygiene, and something we hope to demonstrate with this certification.

Who gets the certification? What's required?

The audit measures whether a company maintains secure, controlled processes over time, demonstrating a culture of effective management and change tracking.

This certification is geared towards service-oriented organizations that are stewards of key customer data. Companies entrusted with either storing or processing this information need a strong and capable security ecosystem.

But it goes beyond that: being a critical service means assurance that the service will be available and that the data is reliable in times of need. Just as you need to know that the water coming out of your faucet is safe and the power is on, companies need faith in their essential systems.

Thanks to the team

This was a team effort: our security team and a broad group across Sonatype came together over the course of four months to make it happen.

Learn more about the SOC 2 standard and our ISO certification.

Written by Michael Griffin

Michael serves as Sonatype's Vice President, Information Security, and brings over 22 years' experience building and leading Information Security programs for organizations. Michael is active in professional organizations such as ISACA and ISSA, where he enjoys helping organizations improve their programs and mentoring others.