I’m excited to announce that Feathery has achieved SOC 2 Type II compliance with zero exceptions in 2024. This certification underscores our ongoing commitment to protecting customer data with best-in-class security and privacy controls.

Thoropass, an independent vendor for System and Organization Controls (SOC) Certification, performed the audit. To qualify for the certification, they reviewed Feathery’s information security mechanisms, guidelines, and procedures to ensure they meet the standards based on the Trust Services Criteria (TSC) set by the American Institute of Certified Public Accountants (AICPA).

The report covers all Feathery products: Forms, Documents, AI, and Workflows.

What is SOC 2 compliance?

SOC 2 (Service Organization Control 2) compliance is a framework for managing data to ensure it is securely protected. Developed by the American Institute of CPAs (AICPA), it is specifically designed for service providers storing customer data in the cloud, and it applies to nearly every technology company handling customer data.

Organizations that achieve SOC 2 compliance undergo a rigorous audit by an independent certified public accountant who determines if the appropriate safeguards and procedures are in place. The result of this audit is a detailed report that demonstrates the organization's commitment to these high standards of data security and privacy, which is often essential for doing business, especially when sensitive customer data is involved.

Software providers like Feathery voluntarily undergo a rigorous audit and assessment to ensure their security controls meet AICPA’s Trust Services Criteria, including:

• Security: The system is protected against unauthorized access (both physical and logical).
• Availability: The system is available for operation and use as committed or agreed.
• Processing Integrity: System processing is complete, valid, accurate, timely, and authorized.
• Confidentiality: Information designated as confidential is protected as committed or agreed.
• Privacy: Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice.

System and Organization Controls (SOC) 2 is a widely recognized security standard developed by the AICPA that specifies how organizations should manage customer data. A SOC 2 report is often the primary document that security departments rely on to assess a vendor’s ability to maintain adequate security.

Our commitment to data security

SOC 2 compliance is a critical security initiative and an important milestone for Feathery. Organizations can power client-facing forms and workflows with confidence that Feathery meets exacting, industry-standard security and risk management criteria.

Learn more and obtain a copy of our SOC 2 Type II report by contacting your dedicated account representative or emailing support@feathery.io.

You can read more about our security and privacy standards and certifications on our Security page.