How We're Building Trust With SOC 2 Compliance

Security and privacy for all of our users is our top priority here at ClickUp.

Not only are we on a mission to help you become more productive, we’re also committed to making sure that you can trust that the work you do on our platform is always safe and secure.

This is why we’re incredibly excited to announce that we’ve achieved our industry-leading audit attestation for Service Organization Controls (SOC 2) Trust Services Principles, focused on security.

Okay, but what does that all mean for you?

Here’s what SOC 2 Compliance is, how we achieved it, and what we’re doing to build the highest level of trust and security with the most productive people on the planet: you!

What is SOC 2?

Basically, it’s one of the most coveted security achievements in software. It represents a relentless amount of effort ensuring our systems, servers, and products are industry-leading in security and compliance.

Service Organization Controls (SOC 2) is a security audit and attestation built specifically for SaaS companies that manage customer data.

Organizations and end-users need to know that their data can be trusted in the hands of a SaaS provider. This is why we are closely partnered with Schellman, a leading provider of attestation and compliance services to independently audit and verify our organizational and technology controls. Schellman’s audit operates under the SOC 2 compliance framework provided by the American Institute of CPA (AICPA).

How did ClickUp reach SOC 2 Type 1?

SOC 2 is one of the leading standards for SaaS security. This attestation is only granted after a rigorous and regular audit process that covers AICPA’s Five Trust and Integrity Principles:

Security: protecting against unauthorized access
Availability: ensuring the system is available for operation and use
Processing Integrity: system processing is complete, accurate, timely, and authorized
Confidentiality: information designated as confidential is protected as committed or agreed
Privacy: personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA (Canadian Institute of Chartered Accountants)

The framework for auditing and achieving the SOC 2 attestation is so comprehensive that many financial, governmental, and medical institutions only work with providers that are covered by this attestation.

SOC 2 Type 1 vs. SOC 2 Type 2

It’s important to distinguish that SOC 2 reports have two different variations: Type 1 and Type 2.

Our SOC 2 attestation falls into the first category (Type 1), meaning that SOC 2 reports can verify that our platform is suitably designed to secure your data. ClickUp is currently working towards SOC 2 Type 2 and will have more news to share in the new year.

This means we exercise the highest levels of security to make sure your information is secure, confidential, accurate, and always private — in addition to having a third-party independently audit and verify that level of security.

Our continual commitment to your security

When you use ClickUp, we know that you’re putting your trust in us. Which is why we hold our commitment to your security as our highest priority.

We continue to deliver on our commitment to earning your trust by:

Releasing a new and improved version of ClickUp every week
Implementing hotfixes to bugs every day
Achieving (and maintaining) compliance with the most rigorous security protocols and certifications

Our SOC 2 attestation is only the latest milestone in delivering on our commitment. Because at the end of the day, we built ClickUp to empower you to get more done — without ever having to worry about your data or information being misused.

To learn more about what we’re doing to protect you, check out our Security page here!

To learn more about other secure collaboration tools, read this blog!