Docuverus

Prioritizing Security: How Docuverus Safeguards Your Documents and Personal Information

At Docuverus, security is not something we take lightly. We know that you are entrusting us with your documents containing your personal information. You trust us with the keys to your life and we have a responsibility to treat them with the greatest care.

And we know security. Some of us have built tactical systems for the U.S. military, after all. But we are also smart enough to know that relying on ourselves isn't enough. That's why we hire third-party security companies to attack our systems so we can see how they respond. It's also why we have invested in and passed a SOC 2 audit, which is a critical examination of our policies, procedures, and operations defined by the AICPA to ensure the highest integrity of Trust Services related to Security, Availability, Confidentiality, Processing Integrity, and Privacy.

For our SOC 2 journey, we partnered with Thoropass to examine all aspects of our security posture.

Here are just a handful of areas we dug into.

Infrastructure

Validating against SOC 2 controls, we hardened our systems against attack, tested our authentication policies, exercised our disaster recovery and business continuity plans, and added continuous monitoring for vulnerabilities.

Software

We follow state-of-the-art software development processes, including agile, lean, and continuous integration. To better secure our software, we tightened these processes to further protect against malicious actors, the introduction of infected libraries, and the unintended introduction of vulnerable code.

Data

Protection of our client data is central to everything we do. We more tightly defined our policies and procedures to protect data against theft and other threats from sources both internal and external. We also hardened our detection and monitoring procedures to identify changes to configurations that result in the introduction of new vulnerabilities.

People

We believe in an unwavering commitment to integrity and ethical behavior. While we have always had a rigorous onboarding process for new employees, including a thorough background check, we have added well-defined processes to help us maintain this commitment as we scale in size.

Risk Assessment and Mitigation

Managing risk is a part of any business. Managing risk with a disciplined approach takes time, commitment, and dedication to do the work. We chartered a formal risk committee to regularly identify, prioritize, monitor, and mitigate risks across a broad set of categories that span the operations of the company.

As you can see, obtaining our SOC 2 compliance was not an easy task. Rather than just checking some boxes, we wanted to leverage the compliance process to make us more secure, more disciplined, and more mature as a company. And SOC 2 is an ongoing process, requiring a formal audit every year. As we move forward, we will continue to leverage the process to ensure we maintain the highest standards with respect to the Trust Services.