It’s Official: Telmai is now SOC 2 Type 2 Compliant

Max Lukichev

Today we have fantastic news to share! Telmai is now SOC 2 Type 2 compliant.

This is a milestone achievement that helps us to continue to build trust with our community and customers. Telmai has always been committed to building trust with all users and we are constantly working toward aligning data security and privacy practices with the latest certifications and accreditations. 

Today, we’re happy to announce Telmai is now SOC 2 Type II compliant. This is another attestation to reassure our users that their valuable data is always safe and protected with the highest security standards.

What is SOC 2 compliance?

Service Organization Control 2 (SOC 2) is a component of the American Institute of CPAs (AICPA)’s Service Organization Control reporting platform. SOC 2 is a technical auditing process and certification that measures security and availability and serves as an assurance to customers that their data is being managed in a controlled and audited environment. When a business is SOC 2 compliant, it signifies that it implements proper security systems to ensure the security, availability, processing integrity, confidentiality, and privacy of customer data.

SOC 2 compliance is essential for technology-based service organizations that store customer data in the cloud. This makes it applicable to most SaaS businesses, and any business that relies on the cloud to store its customers’ information. As of August 2022 we are now Type II compliant.

What does SOC 2 certification entail?

The SOC 2 certification is awarded to businesses by independent auditors upon assessing the extent to which they comply with one or more of these five trust principles:

Five Trust Principles of SOC II

Security

The security principle refers to the protection of system resources against unauthorized access. Access controls help prevent potential system abuse, theft or unauthorized removal of data, misuse of the software, and improper alteration or disclosure of information.

Availability

The principle checks the accessibility of the system, products or services as stipulated by a contract or service level agreement (SLA). It involves security-related criteria that may affect availability. Monitoring network performance and availability, site failover, and security incident handling are critical in this context.

Processing integrity

This principle addresses whether a system achieves its purpose, i.e., delivers the right data at the right price at the right time. The data processing must be complete, valid, accurate, timely, and authorized.

However, processing integrity doesn’t only imply data integrity; it also includes the monitoring of data processing, along with quality assurance procedures.

Confidentiality

Information that is designated as confidential should be protected according to the User Entity’s needs. Data is considered confidential if its access and disclosure are restricted to a specified set of persons or organizations.

The principle includes encryption, which is an important control for protecting confidentiality during transmission. Network and application firewalls, along with rigorous access controls, can be used to safeguard information being processed or stored on computer systems.

Privacy

The privacy principle addresses the system’s collection, use, retention, disclosure, and disposal of personal information in conformity with an organization’s privacy notice, as well as with criteria determined by the AICPA’s Generally Accepted Privacy Principles (GAPP).

It includes protecting personally identifiable information (PII) from unauthorized access. Personal data related to health, race, sexuality, and religion is also considered sensitive and generally requires an extra level of protection.

Why is SOC 2 compliance important?

Meeting SOC 2 compliance means establishing processes and practices that guarantee oversight across a company, guaranteeing customers that their data is protected from any unusual, unauthorized, or suspicious activity.

To meet SOC 2 requirements, a business needs to receive alerts whenever unauthorized access to customer data occurs. SOC 2 compliant companies are required to set up alerts for:

  • Exposure or modification of data, controls, configurations
  • File transfer activities
  • Privileged filesystem, account, or login access

Having a SOC 2 badge on the Telmai website represents the dedication to keeping customer information private and secure. Telmai understands the need for customers to feel safe about their data, and it’s the reason why we are excited to feature this badge:

Our Journey to SOC II 

As a company, we’ve always tried to live up to the highest standards. We care about security and treat it with high priority. The SOC audit was, first of all, a benchmark we wanted to use to validate our efforts in the security area. We’re proud the approach we took naturally led us to this well-respected certification.

We started the journey by partnering with Vanta (another YC company). Their platform was invaluable in preparing us for the audit, helped us organize information about assets and vulnerabilities, and forced us to follow best practices. They also introduced us to a number of credible audit firms, and we picked the one that worked best given the size and stage of our company as well as the type of our customers. Barr Advisory checked all the marks and we decided to go with them.

In the early days, despite being a startup, we decided not to take any shortcuts in architecture, tooling, processes and enterprise software best practices. On this path we had multiple checkpoints with CISOs to ensure we left no gaps even at the planning phase. All this helped us tremendously in achieving the certification goals smoothly.

If you have any questions about the process or need access to our report, email us at security@telm.ai to request our SOC II report.

Data profiling helps organizations understand their data, identify issues and discrepancies, and improve data quality. It is an essential part of any data-related project, and without it, data quality could impact critical business decisions, customer trust, sales and financial opportunities.

To get started, there are four main steps in building a complete and ongoing data profiling process:

  1. Data Collection
  2. Discovery & Analysis
  3. Documenting the Findings
  4. Data Quality Monitoring

We'll explore each of these steps in detail and discuss how they contribute to the overall goal of ensuring accurate and reliable data. Before we get started, let's remind ourselves what data profiling is.

What are the different kinds of data profiling?

Data profiling falls into three major categories: structure discovery, content discovery, and relationship discovery. While they all help in gaining more understanding of the data, the types of insights they provide are different:

Structure discovery checks that data is consistent, formatted correctly, and well structured. For example, if you have a ‘Date’ field, structure discovery helps you see the various patterns of dates (e.g., YYYY-MM-DD or YYYY/DD/MM) so you can standardize your data into one format.

Structure discovery also examines simple and basic statistics in the data, for example, minimum and maximum values, means, medians, and standard deviations.

Content discovery looks more closely into the individual attributes and data values to check for data quality issues. This can help you find null values, empty fields, duplicates, incomplete values, outliers, and anomalies.

For example, if you are profiling address information, content discovery helps you see whether your ‘State’ field contains the two-letter abbreviation or the fully spelled-out city names, both, or potentially some typos.

Content discovery can also be a way to validate databases with predefined rules. This process helps find ways to improve data quality by identifying instances where the data does not conform to predefined rules. For example, a transaction amount should never be less than $0.

Relationship discovery identifies how different datasets are related to each other, for example, key relationships between database tables or lookup cells in a spreadsheet. Understanding relationships is most critical in designing a new database schema, a data warehouse, or an ETL flow that requires joining tables and data sets based on those key relationships.

Data Observability: Leverages ML and statistical analysis to learn from the data and identify potential issues, and can also validate data against predefined rules
Data Quality: Uses predefined metrics from a known set of policies to understand the health of the data

Data Observability: Detects, investigates the root cause of issues, and helps remediate
Data Quality: Detects and helps remediate.

Data Observability: Examples: continuous monitoring, alerting on anomalies or drifts, and operationalizing the findings into data flows
Data Quality: Examples: data validation, data cleansing, data standardization

Data Observability: Low-code / no-code to accelerate time to value and lower cost
Data Quality: Ongoing maintenance, tweaking, and testing data quality rules adds to its costs

Data Observability: Enables both business and technical teams to participate in data quality and monitoring initiatives
Data Quality: Designed mainly for technical teams who can implement ETL workflows or open source data validation software


Telmai is a platform for data teams to proactively detect and investigate anomalies in real time.
© 2023 Telm.ai All rights reserved.