Glen Wise
CEO and Co-Founder

Cinder is SOC 2 compliant


Cinder achieves SOC 2 compliance

Cinder is proud to announce we achieved SOC 2 Type II compliance, in accordance with American Institute of Certified Public Accountants (AICPA) standards. This certification provides industry validation that Cinder’s customer data is secure on Cinder’s cutting-edge Trust & Safety platform. 

Why pursue SOC 2 Type II now?

We knew we needed to prove our commitment to security, and fast: our customers, their users & communities, and our product development all depend on it. So we started the SOC 2 Type II process when we were still hiring teammates five and six!

Trust & Safety operations, investigations, and escalations can involve extremely sensitive data, sometimes when people are at their most vulnerable. And Cinder handles that sensitive data for customers who care deeply about protecting their users & communities. So security is paramount: our customers need to know they can trust Cinder’s platform to treat this information safely and accurately.

SOC 2 means we continuously abide by certain policies, procedures, and operational controls that mitigate risk and enhance security. During a SOC 2 audit, a certified public accounting firm reviews policies, procedures, and controls to verify not only that we have them in place, but also that they are designed and operating effectively. Once the audit period concludes, the auditors present a SOC 2 Type II report with their attestation of what policies, procedures, and operational controls Cinder established and adheres to.

How did we do it?

Tackling this process was no easy feat. With the help of fellow Y Combinator alums Vanta, we were able to keep track of requirements, deadlines, compliance, and documentation all in one easy-to-use platform. Vanta automated the collection of up to 90% of what we needed and provided an easy way to upload the rest. In addition, Vanta integrates with many of Cinder’s tools (AWS, GitHub, Google Workspace, etc.) and monitors our policies to verify ongoing compliance.

  • For example, the Vanta client was helpful in making sure everyone had MFA set up appropriately. This was especially helpful on Slack, where activating MFA wasn’t a habit compared to other surfaces or banking apps. Today, having Vanta alert new hires that they haven’t switched on MFA is really helpful, and builds on our foundational security practices.
  • Vanta also suggested controls we could implement and gave options for what evidence would be relevant to our audit and report. With Vanta’s expert guidance, platform, and automation, Cinder took less than two months to get ready for auditing.

For the audit and subsequent reports, we worked with Johanson Group LLP. Their professionalism and rigor made it clear they were committed to Cinder’s success!  

Lessons learned 

Make security a mindset: With our founding team coming from Meta security engineering, Palantir, and the US Intelligence community, we have deep experience in security. We want to ensure this experience is reflected in our company principles, and passed on to new hires. SOC 2 Type II was a chance to objectively prove our principles.

Build foundational security practices early: Creating policies, thinking through tabletop exercises, implementing and keeping up with tests in the months before the audit helped us form solid security fundamentals and ensure a much smoother process. Vanta made all of this easier by automating evidence collection, suggesting new practices, and highlighting compliance shortfalls early on so we could adjust or create new practices.

Keep task ownership clear: While security is everyone’s responsibility, we were able to move faster by having one or two people make it a daily priority. That person delegated specific tasks to teammates. This worked well for us at Cinder as we put together the security foundation & practices, and prepared for the audit.

Compliance pays off: Cinder handles sensitive information for customers who care deeply about protecting their users and communities, and who need to make 1000s of decisions an hour (or second!). Data security matters. And our customers report that Cinder’s SOC 2 compliance—and the auditing and security measures entailed—make the onboarding process much faster and easier, as well.
