June 8, 2022
Security has been a core priority since before the first line of code was ever written at Amberflo. We’re thrilled to announce that Amberflo has achieved SOC 2 Type II Compliance for demonstrating successful implementation and continued commitment (over a period of months) to the security procedures and controls outlined in our SOC 2 Type I audit.
The System and Organization Controls (SOC) 2 audit is one the highest recognized standards of information security compliance in the world. It was developed by the American Institute of CPAs (AICPA) to allow a third-party auditor to validate a service company’s internal controls with respect to information security. Our SOC 2 Audited Report is the auditor’s opinion on how Amberflo’s security controls meet or exceed the SOC 2 criteria.
To obtain our audited SOC 2 Report, a third-party auditor reviewed our internal controls including policies, procedures and infrastructure regarding data security, firewall configurations, change management, logical access, backup and disaster recovery, and security incident response. To demonstrate our commitment to security, we underwent rigorous penetration testing on our infrastructure and will continue to ensure we stay ahead of the changing threat landscape. Our customers can feel secure that their data is in good hands and we at Amberflo remain committed to delivering a secure and performant cloud metering and billing solution for any workload or scale.
SOC 2 compliance is broken down into two types, I and II. SOC 2 Type I reviews the suitability of an organization’s controls at a fixed date in time. SOC 2 Type II reviews the suitability of an organization’s controls over a period of time (several months); this provides concrete proof that the controls outlined in Type I have been implemented correctly and are being continuously adhered to. Type I compliance (which we achieved in February 2022 - read the announcement here) is a solid start for any service provider and communicates that a company has a solid roadmap and direction in place with respect to security; however, customers must trust that these controls and roadmap items are properly and continuously implemented. Type II provides evidence to back this up, supported by a third-party.
Thanks to company-wide contributions from the Amberflo team and our partners at Secureframe, we are proud to announce that Amberflo has achieved compliance and received an Auditor’s Report, outlining how our policies, procedures, controls, and infrastructure meet or exceed the SOC 2 requirements.
Amberflo allows companies to charge, track, and bill on usage. This is a mission critical system to our customers that gathers usage data and enables billing. This data must be accurate, complete, and up-to-date, and the underlying infrastructure must be available and secure under any conditions. No company can afford a lapse or error in their billing system. This certification provides independent verification of our claims and represents the depth of our commitment to providing an enterprise-grade cloud metering and billing solution for usage-based pricing.
The work doesn’t stop with this certification. Security will continue to be part of our core design principles that we incorporate at every stage of the development cycle, and we ask our customers and partners to continue to hold us accountable to our claims around security, performance, and availability. Please refer to our Trust Center for more information.