Skip to content

Baffle Achieves SOC 2® Type II Compliance

Aicpa Soc 2 Type Ii Certified2471

Third-party Auditors Confirm the Company’s Security Best Practices, Reaffirming Baffle’s Commitment to Partners and Customers

 

SANTA CLARA, Calif. – March 13, 2024 — Baffle, the easiest way to protect sensitive data, today announced its successful completion of a System and Organization Controls (SOC) 2 certification examination resulting in a CPA’s report stating that management of Baffle maintained effective controls over the security, availability, processing integrity, confidentiality, and privacy (AICPA, Trust Services Criteria) of the Baffle Platform. 

The recent SOC 2 Type II report performed by independent audit firm, MJD Advisors, provides third-party validation of Baffle’s focus on privacy and security in data management. Following the in-depth review of the company’s software development practices, Baffle achieved SOC 2 Type II compliance in November 2023. The SOC 2 report is designed to meet the needs of existing or potential customers who require assurance about the effectiveness of controls used by the company to develop software that safeguards customers’ information.

“Baffle is committed to protecting sensitive data and this applies to not only the platform we provide our customers but also how we manage the data we collect,” said Ameesh Divatia, founder and CEO, Baffle. “Our achievement of the SOC 2 Type 2 attestation not only validates our ongoing dedication to operational excellence, but also assures our customers and partners of our capability to handle sensitive data with utmost care.”

Baffle was evaluated using the following principles and related criteria that has been developed by the American Institute of CPAs (AICPA) for use by practitioners in the performance of trust services engagements:

  • Security: The system is protected against unauthorized access (both physical and logical).
  • Availability: The system is available for operation and use as committed or agreed.
  • Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.

For additional information about Baffle and the privacy and security features, visit:

About Baffle

Baffle is the easiest way to protect sensitive data. We are the only security platform that cryptographically protects the data itself as it’s created, used, and shared across cloud-native data stores that feed analytics, applications and AI. Baffle’s no code solution masks, tokenizes, and encrypts data with no application changes or impact to the user experience. With Baffle, enterprises easily meet compliance controls and security mandates, and reduce the effort and cost of protecting sensitive information to eliminate the impact of data breaches. Investors include Celesta Venture Capital, National Grid Partners, Lytical Ventures, Nepenthe Capital, True Ventures, Greenspring Associates, Clearvision Ventures, Engineering Capital, Triphammer Venture, ServiceNow Ventures [NYSE: NOW], Thomvest Ventures, and Industry Ventures.

Follow Baffle on Twitter and LinkedIn.

Contact: 

Stephanie Schlegel
Offleash PR
[email protected] 

Join our newsletter

Schedule a Demo with the Baffle team

Meet with Baffle team to ask questions and find out how Baffle can protect your sensitive data.

Easy

No application code modification required

Fast

Deploy in hours not weeks

Comprehensive

One solution for masking, tokenization, and encryption

Secure

AES cryptographic protection

Flexible

No impact to user experience