You can certifiably trust us. Read on to find out why you don't need to!

Paul
Paul HawkinsChief Information Security Officer
SOC 2 Type 2 badge

CipherStash now has SOC 2 Type 2 certification. 🎉 This builds on the Type 1 certification we achieved at the end of 2024.

Thanks again to Claire, Dàire and the team at AssuranceLab for being a great audit partner, as well as to Vanta for their continuing support.

The newest report is available from trust.cipherstash.com along with a view of the control status.

What does this mean?

For us this is a continued demonstration of CipherStash’s commitment to our security program. Where Type 1 is focussed on the intent, for us to be granted Type 2 we have to show that we actually do the things! The audit is run over a 3 month period, which is long enough for the auditor to understand how we go about the day-to-day business of running our security program.

Some key call outs are how we handle our staff identity lifecycle, respond to issues, and deliver on the change management processes that we defined in our policies.

What does it mean for our customers?

For our current and future customers this means that they don’t have to take our word for how we securely operate our business. This makes it easier to do 3rd party diligence on CipherStash.

It's worth noting that the principles of transparency and trust aren’t just for the security program, but all of CipherStash. It's baked into the products we build. By design we can’t see any customer data, in fact it never leaves the customer’s trust boundary. We also can’t generate data keys that could be used to decrypt customer data, even if we could access it.

Using CipherStash means that you get a way of improving your data security posture without needing to do the heavy lifting of deep cryptography, all while keeping the engineering speed you are used to. So while our shiny new SOC 2 Type 2 badge shows that you can trust us, if you're using CipherStash, you don't actually need to trust us — your customers' sensitive data is always secure.

What's next?

If you’re on your own journey to security compliance, we can help! Check out how CipherStash helps address your SOC 2 obligations.

If you’re keen to hear more about our experience, get in touch or read about how we’ve worked with Vanta to get to SOC 2.

Start protecting your data

Get started by creating a free account and choosing your integration path, or get in touch to learn more.