We’re excited to share that Netdata has successfully achieved SOC 2 Type 2 attestation.
Following a five-month audit conducted by Sensiba LLP, we can now confirm that our security controls work consistently in practice. The audit covered the period from April 1 to August 31, 2025, and tested whether our controls operated effectively throughout that entire timeframe.
Back in April, we announced our SOC 2 Type 1 attestation, which validated that our security controls were properly designed at a specific point in time. We also mentioned we were entering the monitoring period for Type 2. Today we can share the results.
Type 1 vs Type 2: What’s the Difference?
SOC 2 Type 1 confirms your security controls are designed correctly and implemented at a specific moment. Type 2 verifies those controls actually work as intended over several months.
For the Type 2 audit, Sensiba examined our operations over five months, testing:
- Security – How we protect information and systems against unauthorized access
- Availability – Whether our platform remains accessible as promised
- Confidentiality – How we safeguard data designated as confidential
The auditors tested our controls repeatedly, verified our processes were followed, and confirmed that what we said we do actually happens.
What This Means for You
If you’re using Netdata to monitor your infrastructure, this attestation provides additional assurance that:
- Your monitoring data is protected by controls that work consistently
- We maintain security practices over time
- Our commitment to security is backed by independent verification
For teams evaluating Netdata, particularly in regulated industries or security-conscious organizations, SOC 2 Type 2 is often a baseline requirement. You need to know your vendors take security seriously and can prove it.
What Was Tested
The audit covered everything from technical controls to operational processes:
- Access management: How we grant, review, and revoke access to systems and data
- Change management: Our processes for safely deploying updates to production
- Incident response: How we detect, respond to, and learn from security incidents
- Vulnerability management: Our approach to identifying and fixing security weaknesses
- Monitoring and logging: How we track what’s happening in our systems
- Backup and recovery: Our procedures for protecting against data loss
Every control was tested multiple times across the audit period. The auditors selected samples of our work (access reviews, change tickets, security scans, incident reports) and verified we followed our documented procedures.
The Real Work Happens Between Audits
The audit validates our work, but the real effort happens in the weeks and months when there’s no auditor watching.
Maintaining these controls means security is baked into how we operate:
- Running background checks before hiring
- Requiring multi-factor authentication
- Reviewing who has access to what, and why
- Testing our backups regularly
- Documenting changes before they go live
- Training our team on security practices
- Tracking and fixing vulnerabilities
This is how we run Netdata.
What’s Next
SOC 2 compliance requires ongoing work. We’ll undergo annual audits to maintain our attestation and continue proving our controls work effectively.
Security is about staying ahead of threats. We’re continuing to invest in our security program, improve our controls, and adapt to new challenges.
If you’re a current customer and would like to review our SOC 2 Type 2 report, reach out to your account manager or contact us at [email protected]. Reports are shared under NDA with customers and prospects who need to review our security posture.
For everyone else: thank you for trusting us with your monitoring data. We take that responsibility seriously, and this attestation is one more way we’re proving it.
Learn more about our security practices and certifications at our Trust Center.