
Appwrite achieves SOC 2 Type 1 compliance

Learn more about what this means and the steps we undertake to keep your data safe.

We remain dedicated to maintaining the highest information security standards across all industries. Appwrite goes beyond merely meeting the requirements, and commits to conforming to the most stringent security standards, such as GDPR, HIPAA, and PCI, to ensure the safety of your data.

Today, we are excited to add to Appwrite's list of security standards compliance and announce that Appwrite has achieved SOC 2 (System and Organization Controls) Type 1 compliance.

What is SOC 2 Type 1?

SOC 2 Type 1 is a certification based on an audit of a service organization's systems and the suitability of the design of its controls. SOC stands for "System and Organization Controls," and the "Type 1" designation specifically refers to an audit that assesses the design of security processes at a specific point in time. The criteria for this audit are set by the American Institute of Certified Public Accountants (AICPA).

The main focus of SOC 2 Type 1 is to evaluate how a company's controls align with the five trust service principles:

  1. Security: The system is protected against unauthorized access (both physical and logical).

  2. Availability: The system is available for operation and use as committed or agreed.

  3. Processing Integrity: System processing is complete, valid, accurate, timely, and authorized.

  4. Confidentiality: Information designated as confidential is protected as committed or agreed.

  5. Privacy: Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity's privacy notice.

What this means for you

If you're using Appwrite to build your products, you should be excited about our compliance with SOC 2 Type 1. As a cloud provider that stores data, we have to be very sure about the safety of not only our own users' data but also your users' data.

The report generated from a SOC 2 Type 1 audit provides assurance to clients and stakeholders that the service provider has designed and implemented these controls effectively as of the audit date.

This assures you of data security of the highest standards for your products.

What we did to attain compliance

So, what did we do to attain compliance with SOC 2 Type 1? Just like with our GDPR and HIPAA compliance, we needed to undergo rigorous evaluations of internal policies, procedures, and infrastructure. We've implemented measures to safeguard user data, ensuring that our practices align with the stringent requirements of the SOC 2 standard.

Appwrite system description

Appwrite's service commitments and system requirements were met based on the Trust Services Criteria relevant to security, as outlined in TSP Section 100, 2017. Under the scrutiny of AICPA's attestation standards, Appwrite has undergone meticulous evaluations across the Trust Services Criteria of Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Outlined below are some of the key measures Appwrite implements to uphold the security, availability, processing integrity, confidentiality, and privacy of its users:

  • Appwrite commits to maintaining system availability for access and utilization at a minimum of 99.99%, with exceptions made only for scheduled maintenance.

  • Any modifications to the IT environment are thoroughly documented, tested, and approved before implementation.

  • Data backup protocols and disaster recovery strategies are in place to strengthen customer data protection and ensure uninterrupted business operations in the face of unforeseen disasters.

  • Access control mechanisms and privilege management protocols ensure that only authorized personnel have access to systems, data, and resources.

  • Sensitive data is safeguarded through encryption protocols, both during transit and while at rest, enhancing overall data security.

  • An incident response plan is in place to swiftly detect, address, and recover from any security breaches.

  • Appwrite oversees vendor management processes to ensure the security of third-party vendors and service providers who may access systems or data.

  • Ongoing training and awareness initiatives are conducted to equip employees with the necessary knowledge and skills to uphold best practices in safeguarding systems and data.

Looking for a SOC 2 Type 1 compliant backend provider? Or looking to replace Firebase? Appwrite can be your solution. Take a look at our documentation to learn more about our security.
