As an extension of your product, we believe that security and other controls at Pendo must be central to everything we do. Our customers expect that Pendo will keep their information secure, ensure the integrity and performance of their applications, and maintain the confidentiality and privacy of their data. In return, Pendo not only wants to meet these expectations, we want our customers to receive independent assurance that they can rely on our commitments.
To that end, we’re very excited to announce that Pendo has successfully completed a Service Organization Controls (SOC) 2 Type 1 audit. SOC reports are prepared by independent auditors and based on the internationally recognized Trust Services Principles and Criteria framework developed jointly by the American Institute of Certified Public Accounts and Canadian Institute of Chartered Accountants.
SOC 2 reports focus on the internal controls at an organization related to compliance or operations including how sensitive data is stored, handled, and transmitted. They can address any, or all, of the five Trust Services Principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Each of the principles has defined criteria that must be met in order to gain certification.
Pendo’s SOC 2 Type 1 audit included all five trust principles and there were no exceptions in related controls.
In order to pass a Type 1 audit, a company must demonstrate (and document) that they have sufficient policies and safeguards in place to achieve the selected principles. Controls that address the related Criteria must be properly designed and implemented. Pendo’s SOC 2 Type 1 audit included all five trust principles and there were no exceptions in related controls.
Our commitment to enterprise-grade security, availability, and performance is one reason why many leading software companies such as Salesforce, BMC, Citrix, Optimizely, and Cisco rely on Pendo to help them improve their product experiences. Our SOC 2 certification provides another key 3rd-party validation of our approach, and we will pursue ongoing audits and certifications for continued validation. For more information, please see our Security FAQ.