When I first joined Scribe, I was overjoyed at the opportunity to build an early-stage security program, but frankly, I was nervous too. Nervous to sign on on my first day and see a policy or two about security stored in an obscure place that no employees read or even knew of. Nervous that I may see a lack of centralized security tools to enable me to be effective in my position. I was fully expecting to spend my first months drafting hundreds of pages of policies, and the next year or more enforcing them.
Much to my surprise and excitement, I instead found a wealth of incredibly mature information security policies that were custom to Scribe’s development process and infrastructure design. It was clear to me that Software Engineers had had a hand in writing these. Our Chief Technology Officer proudly walked me through Scribe’s architecture diagram, which he had built himself, segregating development, production and staging environments with alerting, monitoring and logging systems in place and highly controlled access. I could tell that, when it came to security, this team meant business.
Scribe is one of few Series A companies to undergo SOC 2 Type II audits. Since our inception, Scribe was founded with a commitment to security and privacy. Scribe has built security into our infrastructure, performing continuous ongoing vulnerability scanning, security-based code reviews and closely monitoring our cloud environment to make sure that your data is protected.
It is for this reason that all of us (not just the resident Security and Compliance nerd!) are thrilled to share our SOC 2 Type II audit report with our customers. As a Security and Compliance geek, I’m tirelessly committed to radical transparency with our users and our customers, and I hope this report brings you peace of mind while using our product. Scribe has enabled me to bring that vision to life and continue to make security an ever-evolving and growing goal at the core of our culture.
I’d like to give you an overview of what is in our SOC 2 report, what we have evidenced through our audits and what that means for our users (you!).
Why Now?
Scribe has become an integral part of our users’ day to day lives. From radically reducing time spent in formal training, to eliminating the need for that last-minute call to show coworkers how to perform tasks, we’ve solved pain points for users across the globe.
While you use Scribe to document your processes with step-by-step guides, we want you to know your data is protected. Our champions should be able to demonstrate to their teams that Scribe is not just easy and fast — it’s absolutely secure. I’ve always known that we can only accomplish these goals by making security a core value from day one.
What’s in the audit report?
Scribe’s SOC 2 Type II audit included a comprehensive review of Scribe’s security program based on the AICPA’s (an external audit body) security criteria. This audit included a review of Scribe’s security controls, including the following categories:
- Access control;
- Vulnerability management;
- Change management;
- Incident response; and
- Employee security awareness and education.
What does this actually mean? Scribe engaged an independent external audit body to examine evidence that Scribe controls access to customer and user data securely, scans for and remediates any vulnerabilities to security attacks, securely deploys code, and responds quickly and effectively to evidence of threats, attacks, or security incidents.
As a result, Scribe received an audit report detailing how Scribe met these requirements. Through our commitment to transparency, we’re thrilled to share this report with you.
What’s next?
We won’t stop here. Security is an ongoing commitment for us and we fully intend to grow our program as users across the globe continue to discover and use Scribe. We’ll also continue to undergo SOC 2 Type II audits, and are currently growing our security program to exceed industry standards for compliance.
Each step we take as a company will have security placed at the forefront of our priorities. I’m so proud to be at the helm of this and am of course happy to answer any questions you have. Connect with me to chat about your security wants and needs.
These conversations are not just a chance for us to strut our stuff (though our stuff is pretty impressive). They’re an opportunity for me to hear what our customers care about and what keeps them up at night when it comes to security.
I’m here to make sure our program evolves and grows as the security landscape changes to combat ever more sophisticated attacks. As security and compliance professionals, our key to success is transparency with and learning from one another. Please feel free to fill out this form if you have any questions!
{{banner-short-v2="/banner-ads"}}