soc 2 type 1

Mattermost maintains effective security controls according to recent SOC 2 Type 1 Report

We recently underwent a System and Organization Controls SOC 2 Type 1 examination resulting in a CPA’s report stating that Mattermost has developed effective controls over the security, availability, and confidentiality of the Mattermost Cloud platform

soc 2 type 1

What is a SOC 2 Type 1 Report?

A SOC 2 Type 1 report is an internal control report on the services provided by a service organization to its customers. It provides valuable information that existing and potential customers need to assess the controls that are relevant to the security, availability, and processing integrity of the systems used to process customer information, and the privacy of that information. 

More specifically, our report evaluates the following principles developed by the American Institute of CPAs (AICPA) and the Canadian Institute of Chartered Accountants (CICA): 

  • Security. The system is protected against unauthorized access (both physical and logical).
  • Availability. The system is available for operation and use as committed or agreed.
  • Confidentiality. Information designated as confidential is protected as committed or agreed.

What this means for Mattermost clients 

This achievement further exemplifies Mattermost’s commitment to delivering a high quality, secure experience to our clients. Safety and data security are of utmost priority for Mattermost. We are pleased that our SOC 2 Type 1 report has shown that we have the appropriate controls in place to mitigate risks related to security, availability, and confidentiality.

In addition to the SOC 2 Type 1 report, Mattermost has mature security and privacy programs and practices at an organizational level. We operate a currently private bug bounty program on HackerOne, do annual penetration testing, and follow a responsible disclosure program. We are committed to and abide by the principles of GDPR, CCPA, and other privacy regulations. 

Mattermost’s continued community to cybersecurity 

For the SOC engagement, we partnered with BARR Advisory, P.A. . BARR Advisory is a cloud-based security and compliance solutions provider, specializing in cybersecurity and compliance for Software as a Service (SaaS) companies. A trusted advisor to some of the fastest-growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements in highly regulated industries including technology, financial services, healthcare, and government. 

We are excited to partner with BARR Advisory in the future on other services they provide, which include:

  • Compliance Program Assistance
  • SOC 1 Examinations 
  • SOC 2 and 3 Examinations
  • SOC for Cybersecurity
  • PCI DSS Assessment Services 
  • ISO 27001 Assessments
  • FedRAMP Security Assessments 
  • HIPAA, HITECH, and HITRUST Services 
  • Penetration Testing and Vulnerability Assessments
  • Virtual CISO services

Learn more about Mattermost’s SOC 2 Type 1 Report

Current and prospective customers interested in a copy of our SOC 2 Type 1 report may contact [email protected].

With a background in security consulting and engineering, Daniel nowadays is leading the Security organization at Mattermost to provide secure collaboration solutions for organizations world-wide.