This message was posted in the Facebook Group on 21st September 2022. I am adding it here so that other users have additional insights on the SOC-2 compliance details related to Pabbly Connect.
User Asked:
"Zapier have obtained independent third-party auditor certifications with the AICPA’s SOC for Service Organizations, SOC 2 Type II and SOC 3"
https://zapier.com/help/account/data-management/security-compliance-at-zapier
"Bubble is built on Amazon Web Services, which is itself compliant with certifications such as SOC 2, CSA, ISO 27001, and more." https://bubble.io/security#!
I'm unsure whether the Bubble.io certificates are the same as what Pabbly could have, since they are different products, or if Pabbly already satisfies this when it uses AES. But the Zapier one seems to be more relevant, especially since it's done by a third party.
-
Reply from Neeraj Agarwal (Co-Founder of Pabbly Connect)
SOC2 has around 100 controls that need to be fulfilled before the SOC2 certification is issued to you. The certification is issued by a US-based CPA. It costs roughly $10K-$50K every year depending upon the complexity of the audits done.
Mostly, SOC2 certification is required if you are going upmarket into the enterprise segment. A lot of enterprises can't implement the tool in their processes until it is SOC2 compliant.
In our case, we do have plans to do SOC2 as we evolve ourselves into a bigger platform.
To give you some additional perspective, I got an email from Jotform today that they are now SOC2 compliant. They had more than 5 million customers before they decided to become a SOC2 compliant platform.
The SOC2 compliance also requires the third-party application to get the Vulnerability Assessment done by an external third-party security platform.
VAPT is an important aspect of SOC2 and I want to let you know that we have got the VAPT assessment done this month itself from the third party external auditor. We have cleared the VAPT audit yesterday itself.
That being said, I want to let you know that clearing VAPT does not mean that we are SOC2 compliant. We are not SOC-2 compliant yet but we do have plans to become one as soon as possible.