Giraffe maintains accreditations to ISO 27001 (2022 version) and SOC 2. We complete an external audit each year against both SOC 2 and ISO 27001 to demonstrate and confirm compliance.
ISO 27001 is a widely recognized international standard that provides a framework for organizations to establish, implement, and maintain a robust Information Security Management System (ISMS).
SOC 2, or System and Organization Controls 2, is a compliance framework developed by the American Institute of Certified Public Accountants (AICPA) to help organizations demonstrate they have implemented effective controls for protecting customer data and business operations. It's a key standard for service organizations, particularly those in the cloud and SaaS industries, aiming to build trust with customers by verifying data security practices.
Giraffe uses a continuous compliance solution (Drata) to monitor our conformance with our ISO 27001 and SOC 2 commitments. This includes real-time monitoring of our Google Cloud Platform infrastructure and GitLab CI/CD (Continuous Integration and Continuous Delivery/Deployment) platform. We practice security by design in our Software Development Life Cycle (SDLC), including static analysis and container analysis at all stages of our CI/CD process. We complement this with regular, monthly penetration testing of our environment.
Our ISMS includes risk assessment and mitigation and is reviewed by senior management as part of our compliance program.




