How We Protect Your Security with SOC 2 Type 2 Compliance
Protecting the security and privacy of our customer and user data has always been a top priority for us at ClickUp.
As we continue our mission of making the world more productive and saving people one day every week, we’re also doubling down on our security compliance to ensure our customer’s data is always secure.
Today we’re thrilled to announce that we’ve successfully completed the SOC 2 Type 2 examination, further expanding on our recent SOC 2 Type 1 compliance.
Here’s what this means for you!
What is SOC 2?
First, a quick refresher about SOC 2.
The Service Organization Control (SOC) 2 examination is one of the most coveted and meaningful security achievements in software. It represents a proactive and relentless effort to ensure our systems, servers, and products are industry-leading in security and compliance.
The SOC 2 examination is only granted after a rigorous and regular audit process by an independent CPA firm.
Organizations and end-users need to know that their data can be trusted in the hands of a SaaS provider. This is why we partnered closely with Schellman & Company LLC, a leading provider of attestation and compliance services, to independently audit and verify our organizational and technology controls. Schellman’s audit operates under the SOC 2 compliance framework provided by the American Institute of CPA (AICPA).
How did ClickUp reach SOC 2 Type 2?
The SOC 2 Type 2 examination was conducted via a thorough audit of ClickUp’s servers, systems, and products from August 1, 2020 to January 31, 2021. This examination covers AICPA’s Five Trust and Integrity Principles:
- Security: protecting against unauthorized access
- Availability: ensuring the system is available for operation and use
- Processing Integrity: system processing is complete, accurate, timely, and authorized
- Confidentiality: information designated as confidential is protected as committed or agreed
- Privacy: personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA (Canadian Institute of Chartered Accountants)
ClickUp’s successful SOC 2 Type 2 examination was focused on controls as they relate to security. The results reveal that ClickUp’s information and systems are thoroughly protected against unauthorized access, disclosure of information, and damage to systems.
How does Type 2 differ from Type 1?
The SOC 2 Type 2 examination goes well beyond the compliance related to SOC 2 Type 1.
While SOC 2 Types 1 compliance ensures that a company has best practices in place at a design level, Type 2 provides a higher level of assurance through a rigorous examination of all internal servers, systems, and policies over an extended period of time.
Our continual commitment to your security
We know how important the security of your data is to you and your business. When you use ClickUp, you are putting your trust in us to protect that data at every level. This is why we hold our commitment to your security as our highest priority.
Beyond investing in this type of thorough security review, we continue to deliver on our commitment to earning your trust every day by:
- Releasing a new and improved version of ClickUp every week
- Implementing hotfixes to bugs every day
- Achieving (and maintaining) compliance with the most rigorous security protocols and certifications
Our successful SOC 2 Type 2 examination is only the latest milestone in delivering on our commitment. At the end of the day, we built ClickUp to empower you to get more done— without ever having to worry about your data or privacy being compromised.
To learn more about what we’re doing to protect you, check out our Security page!