Alexandra Paredes

We’re proud to announce that as of August 31, 2020, Code Climate has reinforced its commitment to your security by becoming SOC 2 Type 1 compliant. Along with our existing security protocols, this new certification is representative of our ongoing efforts to ensure the safety of our customers’ data.

This dedication to security is critical to fulfilling our mission and empowering engineering organizations to achieve excellence with data-driven insights.

What is SOC 2 Compliance?

SOC 2, or Service Organization Controls 2, is an accreditation developed by the American Institute of CPAs (AICPA). To qualify for SOC 2, an organization must demonstrate that it has controls in place to ensure the security, availability, and processing integrity of users’ data. It’s a confirmation of an organization’s commitment to maintaining its customers’ privacy.

Type 1 certification requires the completion of a security audit by an independent, third-party accounting and auditing firm, and indicates that Code Climate currently has processes, procedures, and controls in place to ensure the security of our Engineering Intelligence System and safeguard our customers’ data. It also represents the start of a six-month review period, during which we’ll demonstrate our longterm ability to uphold these procedures, a prerequisite for achieving SOC 2 Type 2 certification.

Why SOC 2?

We value the trust our customers place in us and are committed to maintaining that trust by continually evaluating and improving upon our security protocols. SOC 2 is an opportunity to put those protocols to the test, and to demonstrate our ongoing dedication to data security.

Vendors and partners with compliance requirements are now able to request a copy of Code Climate’s SOC 2 Type 1 report as part of their compliance strategy.

As the COVID-19 (coronavirus) outbreak has evolved rapidly, we want to take a moment to share updates with our customers about the precautions we’re taking to keep our services up and running, while ensuring the safety of our team.

Our leadership team is carefully monitoring and assessing the situation and we do not foresee a major impact to the delivery of our services due to COVID-19. We’re following the advice of the World Health Organization, the Centers for Disease Control, and other local authorities to be prepared to mitigate any potential disruptions to our business if necessary.

Our team

First and foremost, the safety and health of all Code Climate employees and the broader community is something we take very seriously. To that end, we have been taking proactive measures to help reduce the spread of the virus by following the advice of medical experts and the authorities:

• Remote work – Our team has been telecommuting since March 10th and this policy will continue until at least April 20th. We’re ensuring that all employees have the tools and equipment to perform their responsibilities securely from home.
• Travel – We’ve restricted all domestic and international business travel except for trips that are strictly necessary.

Our customers

We have plans and processes in place to ensure we can maintain business functions and our services are available.

• Security and reliability – Our systems were designed and built with disaster recovery in mind. Our infrastructure and data are spread across three AWS availability zones. In addition to that, we have automated backup processes for all data stores that contain customer data. Read more about our approach in our Security page. A real-time view of our uptime and availability is tracked on status.codeclimate.com.
• Support – Our team continues to remain available to address all your commercial and support needs. If you have any questions, please feel free to contact info@codeclimate.com.

We will be providing additional updates as the situation evolves. If we can support you or your team in any way, please don’t hesitate to let us know.