Kustomer Achieves SOC 2 Type I Compliance

At Kustomer, earning and maintaining the trust of our customers is paramount. That trust is why we architected the Kustomer platform from the beginning to deliver secure, reliable, continuously available applications, where the privacy of our customers’ data is always protected. It’s also why our engineering teams have spent so much of their time building robust logging, auditing, monitoring, and data encryption capabilities into the platform.

And it is that trust, and our executive team’s fervent belief that security is the responsibility of everyone that is a part of the Kustomer Krew, that has driven our adoption of industry best practices for security controls and processes throughout the many layers of the application environment and software development lifecycle. This has included strict endpoint management, extensive employee security awareness training, and comprehensive vulnerability management with regular 3rd-party penetration testing and code reviews. However, we recognize that doing the work and telling the world is not enough.

That’s why I am proud to announce that Kustomer has achieved SOC 2 Type I compliance. This comes after a highly detailed 3rd-party audit that assessed whether our security program and internal controls are designed and implemented to the AICPA Trust Service Principles and Criteria for System and Organization Control. These include:
– Security
– Availability
– Processing Integrity
– Confidentiality

Our auditors from Linford & Company reviewed Kustomer controls, procedures, and documentation around our security practices and examined security controls in our platform and products. Their final report thoroughly documents how Kustomer safeguards customer data and highlights our completion of the audit with zero exceptions.

This provides independent validation of our commitment to meeting customer requirements and delivering on their trust, by proving we have designed the controls and associated procedures to deliver a secure cloud platform.

Earlier in 2019, we announced our compliance with HIPAA standards, and now we have achieved SOC 2 Type I compliance. Next, we will be pursuing SOC 2 Type II compliance to demonstrate the strength of our controls over time. This work is already well under way.

While each of these compliance standards is critical, and conveys our effectiveness at protecting the data of our current and future customers, they are steps in a continuous journey and a reflection of the efforts the entire Kustomer Krew takes every day to earn and maintain trust. It is a journey that we take seriously, knowing it has no end, and we are excited to celebrate each significant compliance milestone with the entire Kustomer community. We look forward to the next.

Our complete SOC 2 Type I audit report is available to customers and prospects under NDA upon request.


Jeremy is the Co-Founder and CTO of Kustomer.