Nexla Achieves SOC 2 Type II Certification

Bipin Singh
Bipin Singh

Nexla is trusted for mission-critical data by some of the largest US companies across banking, retail, ecommerce, delivery, marketing, and education industries. A key driver of this trust is the “Secure by Design” founding architectural principle at Nexla. 

Today we are proud and excited to share that Nexla has received its SOC 2 Type II certification by AICPA. It is a significant milestone that validates our relentless focus on security. Security teams around the world consider SOC as a standard for security because of its rigorous compliance standards.

Our Security and Privacy Philosophy

From day one, Nexla’s philosophy has been to keep security and compliance as a foundational principle on how we serve our customers. Here are some of the ways we demonstrate our commitment to security and privacy:

  • Zero Data Copies. Nexla doesn’t keep any copy of your data. Nexla is a flow system, not a data storage system. We ingest data, cache it for an extremely short period of time for processing, and then send data to its destination. 
  • Built-in PII and Sensitive data detection. Nexla provides capabilities for detecting personally identifiable information (PII) and sensitive data. 
  • Dynamic Data Masking. Nexla makes it easy to dynamically mask data using hashing and custom code – all out of the box features.
  • Multiple Data Backplanes, Single User Interface. Nexla makes it possible to easily run your data processing in multiple backplanes. For example, you can set up Nexla so that data generated by your European entity never leaves the region to comply with the most stringent law.  All while having a single web interface to create, monitor, and manage all your data processing.

What is SOC 2 Type II Certification?

SOC 2 Type II examination is held by an independent accounting and auditing firm by reviewing and examining the organization’s control objectives and activities. The independent auditing and accounting firm tests all the organizational controls to see that they are operating effectively.

SOC 2 is based on the criteria of Observability, Procedures, Communication, and Policies. SOC 2 has a specific Trust Service Principle which explains how the order must be followed to achieve the certification:

  1. Privacy: Privacy principles are based on the operational requirements of an organization that collects, uses, retains, and discloses personal information. The privacy principles must also follow the set standards of American Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
  2. Security: All the systems in the organization have controls in place to protect against unauthorized access for both physical and logical.
  3. Availability: Organization systems are available for operation and usage can be committed and agreed upon.
  4. Confidentiality: Information that is designated as “Confidential” by a user is protected.
  5. Processing Integrity: All system processing is authorized, timely, accurate, and complete.

 SOC 2 is of two types: Type I and Type II. 

SOC 2 Type I certification is issued to organizations that have audited the controls are suitability designed and implemented.

SOC 2 Type II certification is more rigorous and is only issued to organizations that have successfully passed an audit of their controls when dealing with sensitive and confidential information over a specific period of time.

Why Does This Matter? 

Today, every company is balancing their needs to leverage data while taking care of their data security and privacy requirements. Nexla’s SOC 2 Type II certification means that you can fully adopt and take advantage of Nexla without worrying about risks to their data. Nexla gives you peace of mind that your data is being handled and processed with highest levels of security, trust, and compliance.

Next Steps

If you are interested in learning more about Nexla and how we can help you integrate, transform, deliver, and monitor your data in a safe and secure manner, please contact us or get a demo.