Security is our top priority. We’re excited to share that Pivotal Tracker, under the hood of VMware, is now SOC 2 Type 1 certified. This adds to the growing list of industry security certifications that Pivotal Tracker has received, including the ISO/IEC 27001:2013 certification in June.
System and Organization Controls (SOC) 2, developed by the American Institute of Certified Public Accountants (AICPA), is an auditing procedure designed to ensure that third-party service providers can securely manage data to protect the interests and privacy of their clients. It sets criteria for managing customer data based on five trust service principles: availability, confidentiality, processing integrity, privacy, and security. Compliance with this auditing procedure is a prerequisite for service providers as it attests that the organization has put in place controls to meet those trust service principles. A SOC 2 Type 1 report describes a service vendor’s systems and determines whether it is capable of adhering to relevant trust principles by a specified date.
We started preparation for this Audit back in Dec 2021. We onboarded to CSSP (Cloud Service Security Program) which helped us in clearing various internal Audits related to Security and Compliance. After clearing the internal Audits, we submitted for the ISO Audit and cleared it successfully. The feedback received from both the internal audits and ISO Audit helped us in updating process documentation which then enabled us to clear the SOC 2 Type 1 Audit. Recertification in both SOC and ISO will become an annual process. We are fully committed to maintaining the operational practices that will allow us to recertify efficiently each year. The Pivotal Tracker development team follows VMware Tanzu Labs agile development practices. We maintain high standards and follow industry best practices when it comes to delivering features to the Tracker users.
Running a SaaS business is not easy, as our customers well know. Many use our products to run their own online services, so they need to be assured that Pivotal Tracker is up to the task of fully supporting them. These industry certifications are one way they can evaluate our ability to design, build, and operate a secure, resilient service they can rely on to underpin their own businesses.
These certifications are proof that Pivotal Tracker is up to the task. When our customers engage their security teams to dig into our service design, these certifications provide assurance beyond our own claims and make clear that we’ve made an ongoing commitment to our operational practices.
Interested in knowing more about Tracker and SOC2 compliance? Look for Pivotal tracker in the VMware cloud compliance page and check the status here.
We hope that this update provides you with enough details on Tracker’s SOC2 compliance status. As always, please don’t hesitate to share your feedback by emailing us at firstname.lastname@example.org or by selecting Provide Feedback under the Help menu in Tracker. We love hearing from you!
–The Tracker Team–