SearchStax’s Managed Solr Achieves SOC 2 Type 2 Compliance

We are proud to announce the successful completion of a SOC 2 Type 2 audit for our Solr cloud service. The SOC 2 compliance attestation further demonstrates the commitment SearchStax has towards delivering a high degree of trust and security to its customers. 

What is SOC2 Compliance & why is it critical?

Security is becoming more and more important as breaches grow in number and severity and the cost of a breach increases. At the same time, organizations are moving faster than ever to deploy and maintain new IT systems. This has become more prevalent with applications in the cloud. 

Today’s PaaS/SaaS organizations must demonstrate that they have adequate controls of data protection technologies and processes. The American Institute of Certified Public Accountants (AICPA) created Service Organization Control 2 Type 2, or “SOC 2 Type 2,” as standards governing how cloud service providers assure customers that their information is secure and available when needed.

As part of the attestation process, an independent third-party auditor looks for the following:

  1. The description of our internal controls.
    What systems or processes govern how we operate at SearchStax?
  2. Internal controls as described by us are suitably designed and implemented.
  3. The controls are effectively operating over a period of time.
    SOC 2 Type 2 audits examine a set time period. Therefore, the resulting report covers that specified period as opposed to the controls at a specific point in time, which is covered in a SOC 2 Type 1 report.

How does it benefit you?

SOC2 Compliance assures SearchStax customers that we have internal controls established to provide stability, mitigate risk, operate securely and effectively over the long term. It provides confidence and trust that our systems are designed to protect, store and process your data securely.

Our commitment to engaging an independent third party that provides an audit of these controls and provides deviations if any, adds an additional layer of trust and oversight on our Service Operations. With SOC 2 Type 2, SearchStax’s Solr Service has independent third-party validation that SearchStax is a trusted cloud provider for handling mission-critical data. This helps alleviate concerns about cybersecurity so that organizations can accelerate cloud adoption with Apache Solr.

Why SOC2 Type 2 Matters

SOC2 reports come in two forms, Type 1 and Type 2:

  • Type 1 reports concern policies and procedures that were placed in operation at a specific moment in time.
  • Type 2 reports concern policies and procedures over a specified time period; for this more rigorous designation, systems must be evaluated for a longer duration (typically 3-6 months).

SOC 2 Type 2 ensures that companies who have successfully undergone the audit don’t just have controls in place (that’s covered by SOC 2 Type 1). Rather, it certifies that those controls have been successfully tested over a period of time. So instead of being evaluated on a simple snapshot of an organization’s internal controls, SOC 2 Type 2 certification requires companies to undergo an audit lasting anywhere from several months to a year to make sure these controls are deployed properly and effectively.

Availability of SOC2 Report for our Solr Service

The SOC 2 Type 2 report is not public, but we are able to share it under a non-disclosure agreement. If you would like a copy of the report, please contact us and we will get in touch.

About the Author

Recommended for you