Cybersecurity
SOC 2 Type 2
certified
platform
Betty Blocks places cybersecurity at the heart of its platform. With our SOC 2 Type 2 report achieved in 2024, we prove our dedication to strong data protection - empowering customers to build and scale applications securely.
Enterprise-grade security assurance
SOC 2 standards, defined by the AICPA, set a high benchmark for data security. With this certification, Betty Blocks ensures customer and application data is handled securely, enabling organizations in regulated industries to build and innovate with confidence.
Impact on customers
SOC 2 compliance proves Betty Blocks secures customer data with strong protections and rapid threat response, helping regulated industries meet compliance requirements.
Frequently Asked Questions
Got questions?
We have answers.
Is a SOC 2 report mandatory to operate a low-code platform?
It is not mandatory for SaaS businesses to obtain a SOC 2 attestation. Here at Betty Blocks, we wish to inspire the highest level of trust and transparency in our customers so that they can build their applications with confidence.
Who is the SOC 2 auditor for Betty Blocks?
The SOC2 Type 2 audit was performed by Mathison.
For how long is the SOC 2 attestation valid?
A SOC2 Type 2 attestation has no explicit validity period. The report considers a specific reporting period (in our case, December 2023 through May 2024) during which we have demonstrably implemented and effectively operated all applicable controls required to meet the AICPA Trust Services Criteria objectives. It is up to each organization to determine how long after the issuance of the report they are willing to accept the report as being valid. If desired, Betty Blocks management can issue a gap letter to close the period between the issuance of the latest report and a specific moment in time.
Why is a SOC 2 attestation important for Betty Blocks?
By having a third-party audit of our security standards and having them marked as up to industry standards, we are able to better align on how to improve how we protect customer data in the future. This allows us to stay ahead of the curve and put continuous efforts towards data security.
What is the difference between SOC 2 and SOC 1?
The difference between the two attestations is that SOC 2 considers a broad range of requirements as specified by the AICPA Trust Services Criteria, while SOC 1 focuses on an organization's financial controls.
What is the difference between a Type 1 and a Type 2 report?
A SOC2 Type 1 report evaluates whether an organization has implemented controls to meet the Trust Services Criteria control objectives at a certain point in time (a snapshot). A Type 2 attestation evaluates the implementation and effectiveness of these controls over a period of time (e.g. a period of 6 months).