Join Bridgewater State University for a Website Search Webinar on Dec. 10 | REGISTER NOW
Managed Solr Solution Achieves SOC 2 Type 2

Mar. 01, 2022

Dipsy Kapoor

|

3 min. read

We are proud to announce the successful completion of a SOC 2 Type 2 audit for SearchStax Cloud, our Solr-as-a-Service cloud solution, and SearchStax Site Search, our site search solution. The SOC 2 Type 2 compliance attestation further demonstrates the commitment SearchStax has towards delivering a high degree of trust and security to its customers.

February 2022 Update – SearchStax has completed the annual Soc 2 Type 2 audit for both SearchStax Cloud and SearchStax Studio.

What is SOC2 Compliance and Why is it Critical?

Security is becoming more and more important as breaches grow in number and severity and the cost of a breach increases. At the same time, organizations are moving faster than ever to deploy and maintain new IT systems. This has become more prevalent with applications in the cloud. 

Today’s PaaS/SaaS organizations must demonstrate that they have adequate controls of data protection technologies and processes. The American Institute of Certified Public Accountants (AICPA) created Service Organization Control 2 Type 2, or “SOC 2 Type 2,” as standards governing how cloud service providers assure customers that their information is secure and available when needed.

As part of the attestation process, an independent third-party auditor looks for the following:

  1. The description of our internal controls
    What systems or processes govern how we operate at SearchStax?
  2. Internal controls as described by us are suitably designed and implemented.
  3. The controls are effectively operating over a period of time.
    SOC2 Type2 audits examine a set time period. Therefore, the resulting report covers that specified period as opposed to the controls at a specific point in time, which is covered in a SOC 2 Type 1 report.

How Does SOC 2 Type 2 Compliance Benefit You?

SOC 2 Type 2 Compliance assures SearchStax customers that we have internal controls established to provide stability, mitigate risk, operate securely and effectively over the long term. It provides confidence and trust that our systems are designed to protect, store and process your data securely.

Our commitment to engaging an independent third party that provides an audit of these controls and provides deviations if any, adds an additional layer of trust and oversight on our Service Operations. With SOC 2 Type 2 compliance, SearchStax’s Solr Service has independent third-party validation that SearchStax is a trusted cloud provider for handling mission-critical data. This helps alleviate concerns about cybersecurity so that organizations can accelerate cloud adoption with Apache Solr.

Why SOC2 Compliance Matters

SOC2 reports come in two forms, Type 1 and Type 2:

  • Type 1 reports concern policies and procedures that were placed in operation at a specific moment in time.
  • Type 2 reports concern policies and procedures over a specified time period; for this more rigorous designation, systems must be evaluated for a longer duration (typically 3-6 months).

SOC 2 Type 2 ensures that companies who have successfully undergone the audit don’t just have controls in place (that’s covered by SOC 2 Type 1). Rather, it certifies that those controls have been successfully tested over a period of time. So instead of being evaluated on a simple snapshot of an organization’s internal controls, SOC 2 Type 2 certification requires companies to undergo an audit lasting anywhere from several months to a year to make sure these controls are deployed properly and effectively.

Availability of SOC 2 Type 2 Compliance Report for our SearchStax Cloud and SearchStax Studio

The SOC 2 Type 2 report is not public, but we are able to share it under a non-disclosure agreement. If you would like a copy of the report, please contact us and we will get in touch.

By Dipsy Kapoor

VP, Engineering

"...Your developers’ time is a very valuable commodity. They should spend their time focused on value-added activities such as building better search experiences instead of dealing with the mundane operational details of deploying, managing and scaling Solr infrastructure..."

You might also like: