Coana is SOC 2 Compliant, Using Our Own SCA

We are excited to share that Coana has successfully achieved SOC 2 compliance. This milestone is crucial for us as a security-focused company, demonstrating our commitment to maintaining the highest standards of data protection.

Why SOC 2 Compliance?

SOC 2 is a rigorous framework designed to manage customer data securely and responsibly, based on Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Customized to an organization's specific needs, SOC 2 enables businesses to design controls adhering to these principles, providing vital information on data management practices to regulators, business partners, and suppliers. Adhering to stringent security measures of SOC 2 is not only vital for our operations but also essential in providing our customers with the assurance that their data is handled with the utmost care and integrity.

Relying on Our Own Vulnerability Scanning Tool

A pivotal element of SOC 2 compliance involves establishing a comprehensive vulnerability scanning and remediation protocol. For this purpose, we are relying on our own SCA tool, Coana, integrated with Vanta (detailed in our documentation). Our SCA tool scans for known CVEs in our open source dependencies, and then uses a reachability analysis to determine the approx. 90% of vulnerabilities that are unreachable and thus safe to ignore. This approach allows us to fulfill the stringent SOC 2 requirements for vulnerability management with considerably less effort.

Appreciation for Our Compliance Partners

We partnered with Vanta, the leader in continuous compliance monitoring, to help us automate the collection of our audit evidence. Vanta provides us with the strongest security foundation to protect our customer data. We also partnered with Johanson Group for our SOC 2 audit. We highly recommend their services for companies pursuing SOC 2 compliance.

Curious About How to Use Coana for SOC 2?

If you're looking for a better way to do vulnerability scanning, reach out. We’d be more than happy to demonstrate how SCA with reachability analysis can drastically reduce the vulnerability workload at your organisation.