As the leading, dedicated code coverage solution, Codecov sits at the critical intersection of our users’ source code and testing (continuous integration). As such, we prioritize the security of our customers’ data and the resiliency of our systems.
Our commitment to innovation and information safety have walked hand in hand in the past five years on our mission to help our clients improve their code quality and deploy with confidence.
For this reason (drum roll, please)…
We’re very excited to announce we have been awarded a SOC2 Type II attestation with no exceptions!
Why is this a big deal?
For those who do not know, a SOC2 audit is a full technical and process inspection of all our systems and controls performed by an accredited, independent third-party auditor (in our case, Linford & Company LLP). The main objective here is to ensure Codecov’s service commitment and system requirements meet the best-in-class criteria set forth by the American Institute of CPAs (AICPA) across different areas such as security, availability, processing integrity, confidentiality and privacy.
The wide scope of this evaluation included areas such as how our service is designed and developed, how the system is operated, how internal networks are managed, and how employees are hired and trained.
We worked together with Vanta as our SOC2 readiness provider. They are amazing at automating, monitoring and testing organizational structure, policies and procedures to demonstrate how our systems and data are protected.
Between Vanta and Linford, an otherwise daunting process became straightforward, and we could focus on ensuring security and resilience for our customers.
This is the result of several months of hard work in a joint effort between our Security, Engineering and Operations teams in order to reinforce the peace of mind of our users in regards to how we handle their data and to provide confidence to individuals and organizations new to Codecov about the strictness of our systems and procedures in place.
This audit was conducted over a period of time (November 2019 to April 2020) and Codecov’s SOC2 Type II status will be audited on a yearly basis to confirm we continue to uphold these same standards.
If you’re looking for more details of our SOC 2 report, please contact us here.