Pendo Community

Pendo Achieves SOC 2 Type 2 Compliance

Published Sep 18, 2018

Last week, Pendo passed its SOC 2 Type 2 audit with no exceptions.

Around this time last year, Pendo announced completion of a SOC 2 Type 1 audit, a significant milestone in our support of our growing community of large, often regulated customers.

Pendo’s CFO, Jennifer Kaelin, explains the difference between Type 1 and Type 2 as something like the difference between a balance sheet audit and a full audit of your financial operations. The former makes a judgment based on a snapshot; the latter looks at your financial controls in action, over time, while your business is operating at full steam.

Similarly, SOC 2 Type 1 is a snapshot. It says you’ve defined the right data privacy policies and controls. Type 2 goes a substantial step further, certifying that these policies and controls are consistently applied in the day-to-day operations of the business.

While achieving SOC 2 Type 1 compliance was an important milestone, Type 2 is a bigger deal. It says that Pendo is walking the talk, that we’re organized to handle the data privacy concerns of the largest companies on the planet.

SOC 2 controls can address any of five trust principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Pendo’s Type 2 audit covered all five.

Why does this matter?

Because it allows our customers to fully adopt and take advantage of the Pendo product cloud without worrying about risks to their products or their customers. In the era of GDPR, digital product companies are constantly balancing their need to track product users and personalize content against their requirement to carefully protect any personally identifying information.

If a company can’t trust the data controls associated with a tool they need, they are forced to underutilize its capabilities, or institute complex workarounds to manage privacy concerns. Either situation results in companies getting far less than full value from the analytics tools they adopt.

Pendo’s commitment to enterprise-grade security, privacy, availability, and performance is driven not only by our desire to provide high-quality services (we basically think it’s simply the right thing to do), but also by our goal of making sure that even the largest, most security-conscious organizations can fully use, and get full value from, our platform.

Pendo’s compliance commitment

There was a time when your value proposition was no more or less complicated than the utility of the product you delivered. Now, it’s much more than that. It’s the user experience your product provides. It’s the customer experience your company delivers. Increasingly, it’s the investments that you make to protect your customers’ data. This is the age we live in.

Pendo takes this very seriously. In fact, it’s no longer a difficult tradeoff between adding net new features and investing in data protections. These are easy roadmap discussions. It’s our most fundamental commitment to our customers.

Have questions about Pendo’s commitment to privacy and security? Visit our trust page. You may also want to meet Kate, Pendo’s data protection officer.

Still have questions? Contact us at [email protected].