Company News | 4 min read

Stage Achieves SOC 2 Type II Certification

We're proud to announce that Stage has achieved SOC 2 Type II certification, demonstrating our commitment to security and data protection.

Sarah Chen
CEO & Co-founder
November 15, 2024

Today we're proud to announce that Stage has achieved SOC 2 Type II certification. This milestone represents our ongoing commitment to maintaining the highest standards of security, availability, and confidentiality.

What is SOC 2?

SOC 2 (Service Organization Control 2) is a rigorous audit framework developed by the American Institute of CPAs. It evaluates how organizations manage customer data based on five "trust service criteria":

  • Security: Protection against unauthorized access
  • Availability: Systems are available for operation
  • Processing Integrity: Processing is complete, valid, and accurate
  • Confidentiality: Information is protected as committed
  • Privacy: Personal information is handled appropriately

Type II certification means we've not only designed these controls, but demonstrated their effectiveness over a sustained period (in our case, 12 months).

Why It Matters

For our customers—especially those in regulated industries—SOC 2 certification provides independent assurance that:

  1. Your data is protected: We have robust controls for access management, encryption, and monitoring
  2. Our systems are reliable: We maintain high availability and have tested incident response procedures
  3. We practice what we preach: Our security controls are verified by independent auditors, not just claimed

Our Security Practices

Some highlights from our SOC 2 report:

Data Protection

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • No raw customer data is stored—only configuration and metadata
  • Customer environments are fully isolated

Access Control

  • Role-based access control (RBAC) for all systems
  • Multi-factor authentication required for all employees
  • Regular access reviews and automatic deprovisioning

Monitoring & Response

  • 24/7 security monitoring and alerting
  • Documented incident response procedures
  • Regular penetration testing by third parties

Compliance

  • Annual SOC 2 audits
  • GDPR and CCPA compliant
  • HIPAA-ready (with BAA available for healthcare customers)

Getting the Report

Enterprise customers can request our full SOC 2 Type II report by contacting security@usestage.dev or through your account manager.

What's Next

Security is a journey, not a destination. We're continuing to invest in:

  • HIPAA certification: For healthcare customers
  • ISO 27001: International security standard
  • FedRAMP: For government customers

Questions about our security practices? Get in touch.
