Building on the foundations of last year's SOC 2 Type 1 certification, we successfully completed a Type 2 audit, demonstrating ongoing compliance with the controls we established.

Most importantly, the report noted zero exceptions, meaning that all controls were implemented appropriately and were demonstrated to operate as intended.

As our customers increasingly use Sumatra for in-product optimization, where customer PII and other sensitive product data are processed, it is critical for us to establish trust in our current practices and to demonstrate our commitment to remain up-to-date and compliant. For that reason, I am thrilled to share this milestone.

—Greg Kuhlmann, CEO

Ensuring Security Best Practices

From the beginning, one of Sumatra’s guiding principles has been to embed security and privacy controls into our organization and systems. Completing this certification validated that the policies and procedures we have in place deliver on that promise.

Some of the controls validated during the audit:

• Role-based access control

• Zero Trust security

• Automated intrusion detection

• Regular penetration testing

Keeping the SOC 2 Audit on Track

To capture and communicate our control practices and security framework, we partnered with Strike Graph. While SOC 2 audits can be time-consuming, Strike Graph was able to keep the certification process moving forward by facilitating the penetration testing and auditing steps on our behalf.

Strike Graph gave us a framework to organize our security and governance practices for audit-ability and helped us communicate those practices to our customers to give them the peace of mind that we are protecting their data as rigorously as they are.

—Lucas McGrew, CIO

Want to learn more about our SOC 2 Compliance?

To learn the details of Sumatra's data privacy, data security, and compliance program, we are happy to share our full audit report. For more info, contact: infosec@sumatra.ai