The Bitwarden Blog

Bitwarden achieves SOC 2 certification

KS
authored by:Kyle Spearrin
posted:
Link Copied!
  1. Blog
  2. Bitwarden achieves SOC 2 certification

SOC 2 Type II and SOC 3 certifications are complete

System and Organization Controls (SOC) comprise a set of control frameworks that independent auditors use to validate and certify an organization’s systems and policies with respect to security and data protection. The purpose of SOC standards is to provide confidence and peace of mind for organizations when they engage third-party vendors. A SOC-certified organization has been audited by an independent certified public accountant who determined the firm has the appropriate SOC safeguards and procedures in place.

As part of our commitment to keeping customer data secure and private, Bitwarden performed an audit with AuditOne, LLP, to cover the most important facets of data security regarding our processes for systems, employees, and security controls.

This audit serves as a declaration that Bitwarden operates holistically in the best interests of our customers and their data, taking every reasonable precaution.

The following certifications were achieved by the Bitwarden team:

  • 2021 SOC 3 Report - Download the PDF

  • 2020-2021 SOC 2 Type II (available upon request)

  • 2020 SOC 3 Report - Download the PDF

Details on Controls for Service Organizations

SOC is driven by the Association of International Certified Professional Accountants or AICPA.

SOC 2 is the SOC for service organizations report focused on trust services criteria. AIPCA describes SOC 2 as the report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.

These reports can play an important role in:

  • Oversight of the organization

  • Vendor management programs

  • Internal corporate governance and risk management processes

  • Regulatory oversight

According to the AICPA, the use of these reports is restricted. For SOC 2 report inquiries, please contact our sales team.

The SOC 3 report provides a summary of the SOC 2 report that can be distributed publicly. According to the AICPA, SOC 3 is the SOC for service organizations report on trust services criteria for general use.

Bitwarden makes a copy of our SOC 3 report available here.

SOC information from AICPA: https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/sorhome.html

These SOC certifications represent one facet of our commitment to safeguarding the security and privacy of customers, and compliance with rigorous standards. Bitwarden also performs a regular cadence of audits on our network security and code integrity, which you can find here:

Bitwarden achieves SOC 2 certification

Editor's Note This blog was originally published on August 25, 2020 and updated on September 13, 2021

ComplianceBusinessPassword Manager
Link Copied!
Back to Blog

Get started with Bitwarden today.

Create your free account

Level up your cybersecurity knowledge.

Subscribe to the newsletter.


© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here