Sorry, our demo is not currently available on mobile devices.

Please check out the desktop version.
You can learn more about Stemma on our blog.
See Our Blog
close icon
January 26, 2022
January 19, 2022
-
min read

Stemma is now SOC 2 Type II Certified

by
Dorian Johnson
Co-founder, CTO of Stemma
Share This Article

At Stemma, we are committed to the security and privacy of your data. Our SOC 2 Type II certification is a publicly visible milestone in the journey towards that commitment.

What does it mean for you?

Stemma provides data users the ability to search, understand, and trust the data present in their organizations. In order to do so, a few common questions that we get asked during security reviews with our customers are:

  • Where and how does Stemma store this metadata?
  • Who has access to it, and what are the controls around it?
  • How and when will the customers be notified if an incident occurs?
  • Does the company have internal policies and procedures in place for safeguarding data?

The important thing about maintaining security and privacy isn’t building that system security, but rather living those principles every day as you operate and further develop the system.

If you are an existing customer, please contact us through your dedicated slack channel.

If you are considering Stemma, please ask your Stemma contact or reach out through our website.

Type II: Much stronger than Type I

There are generally two types of SOC 2 reports - Type I and Type II. Type I can be obtained faster, but a Type II report is more detailed and trusted.

Stemma specifically chose to pursue SOC2 Type II for that reason. Customers and prospects generally prefer – and sometimes even require – a SOC 2 Type II report.‍

  • Type I reports give a snapshot of your company’s practice on a particular date. They describe the security rules (“controls”) your company follows but do not assess repeated adherence to these controls. You can think of them as conveying “here are the appropriate policies for our organization.” Type I audits are often faster because they don’t test the effectiveness of your security measures. They tend to carry less weight, especially with larger firms.
  • Type II reports describe and evaluate your company’s practices over time (typically 3-12 months.) You can think of them as conveying “here are the appropriate security rules for our service, and here’s how well they work.” They provide more assurance that your company is able to secure sensitive information. [1]

Security and privacy is an ongoing and key investment for us. If you are interested in seeing a copy of our SOC2 Type II certification report, let us know. If you are an existing customer, please contact us through your dedicated slack channel. If you are considering Stemma, please ask your Stemma representative or contact us through our website.

Share This Article
Stay in the loop by subscribing to our newsletter
Oops! Something went wrong while submitting the form.

Next Articles

September 15, 2021
September 15, 2021
-
min read

Data Discovery in Data Mesh

Why is data discovery important? What is the role for data discovery in data mesh? Who's responsible for making data discoverable? Learn the answers to these questions (and more!) — summarized from a recent panel discussion on Data Discovery in Data Mesh.

October 4, 2021
October 4, 2021
-
min read

Making Sense of Metadata Ingestion

One of the early questions that data engineering teams pose when implementing a catalog is: should we make the catalog responsible for gathering metadata from data systems ("pull"), or task data systems with reporting metadata to the catalog ("push")? And, what are the consequences of using one approach over the other? Learn how to ingest metadata into your catalog and which method to choose.

October 7, 2021
October 7, 2021
-
min read

3 Steps for a Successful Data Migration

Learn the 3 crucial steps that great data engineering teams follow for a successful data migration.