At Stemma, we are committed to the security and privacy of your data. Our SOC 2 Type II certification is a publicly visible milestone in the journey towards that commitment.
What does it mean for you?
Stemma provides data users the ability to search, understand, and trust the data present in their organizations. Because of that, a few common questions come up during security reviews with our customers:
- Where and how does Stemma store this metadata?
- Who has access to it, and what are the controls around it?
- How and when will the customers be notified if an incident occurs?
- Does the company have internal policies and procedures in place for safeguarding data?
The important thing about maintaining security and privacy isn’t building system security, but rather living those principles every day as you operate and further develop the system.
If you are an existing customer, please contact us through your dedicated Slack channel.
If you are considering Stemma, please ask your Stemma contact or reach out through our website.
Type II: Much stronger than Type I
There are generally two types of SOC 2 reports - Type I and Type II. Type I can be obtained faster, but a Type II report is more detailed and trusted.
Stemma specifically chose to pursue SOC 2 Type II for that reason. Customers and prospects generally prefer – and sometimes even require – a SOC 2 Type II report.
- Type I reports give a snapshot of your company’s practice on a particular date. They describe the security rules (“controls”) your company follows but do not assess repeated adherence to these controls. You can think of them as conveying “here are the appropriate policies for our organization.” Type I audits are often faster because they don’t test the effectiveness of your security measures. They tend to carry less weight, especially with larger firms.
- Type II reports describe and evaluate your company’s practices over time (typically 3-12 months). You can think of them as conveying “here are the appropriate security rules for our service, and here’s how well they work.” They provide more assurance that your company is able to secure sensitive information.
Security and privacy are an ongoing and key investment for us. If you are interested in seeing a copy of our SOC 2 Type II certification report, let us know. If you are an existing customer, please contact us through your dedicated Slack channel. If you are considering Stemma, please ask your Stemma representative or contact us through our website.