SOC 2 Type 1 Compliance: Netdata is committed to Security and Trust

Netdata achieves SOC 2 Type 1 attestation, reinforcing its dedication to robust security practices for user data.

We are pleased to announce that Netdata has successfully achieved SOC 2 Type 1 attestation!

Following an independent examination performed by AssuranceLab CPAs LLC, the report confirms that—as of April 25, 2025—the design of Netdata’s controls meets the Security, Availability, and Confidentiality Trust Services Criteria defined by the AICPA.

At Netdata, the security and integrity of the monitoring data our users entrust to us are paramount. This significant milestone, validated through a rigorous, independent third-party audit conducted by AssuranceLab, formally attests to the robustness of our security controls and practices as designed and implemented at a specific point in time.

This attestation underscores our unwavering commitment to maintaining the highest standards of security and operational excellence. Read on to understand what SOC 2 Type 1 means and how we protect the critical infrastructure data you monitor with Netdata.

What is SOC 2 Type 1?

SOC 2 (System and Organization Controls 2) is a framework developed by the American Institute of Certified Public Accountants (AICPA) designed to ensure service providers securely manage data to protect the interests of their organization and the privacy of its clients. SOC 2 reports are tailored to the unique needs of each organization based on one or more Trust Services Criteria (TSC).

A Type 1 report looks at the design of a company’s controls at a specific point in time (versus a Type 2 report, which tests operating effectiveness over a period). Netdata’s audit covered three core criteria:

  • Security – protecting information and systems against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems.
  • Availability – ensuring our platform is available for operation and use as committed or agreed.
  • Confidentiality – protecting information designated as confidential from improper disclosure.

Why is SOC 2 Critical in the Observability and Monitoring Space?

In the world of IT infrastructure monitoring and observability, organizations like Netdata handle vast amounts of sensitive operational data – performance metrics, system logs, event data, and potentially application traces. This data provides deep insights but also requires stringent protection.

Achieving SOC 2 Type 1 attestation demonstrates that Netdata has implemented industry-recognized best practices for securing this critical data. It provides assurance that:

  • Our systems are designed with security at the forefront.
  • We have robust controls in place to safeguard your monitoring data.
  • We are committed to mitigating security risks associated with data handling and processing.

For our users, from individual developers to large enterprises, this attestation offers confidence that their observability data managed through Netdata is protected according to rigorous standards.

What This Means for Our Users and Customers

Trust is the foundation of our relationship with you. Our SOC 2 Type 1 attestation provides tangible proof of our commitment to security and offers several key benefits:

  • Enhanced Data Security: Assurance that we have designed robust controls to protect your sensitive monitoring data.
  • Increased Confidence: Validation from an independent auditor confirms that Netdata’s security posture meets high industry standards.
  • Risk Mitigation: Partnering with a SOC 2 compliant provider helps mitigate risks associated with data security and privacy in your own compliance efforts.
  • Demonstrated Commitment: This attestation reflects our dedication to implementing and maintaining best practices for data protection.

Our Journey to SOC 2 Type 1 Attestation

Achieving SOC 2 Type 1 attestation involved a comprehensive effort across Netdata, focusing on formalizing and validating our security posture. Key areas included:

  • Policy Development & Documentation: Establishing and documenting clear, robust policies covering information security, access control, change management, incident response, and more.
  • Control Implementation: Designing and implementing specific technical and procedural controls across our infrastructure and development lifecycle, such as:
    • Access Controls: Implementing strict role-based access controls (RBAC) and reviewing access permissions regularly.
    • Security Architecture: Reviewing and hardening our network and system architecture.
    • Change Management: Formalizing processes for reviewing, testing, and approving changes to our production environment.
    • Vulnerability Management: Establishing procedures for regular vulnerability scanning and timely remediation.
    • Risk Assessment: Conducting thorough risk assessments to identify and mitigate potential threats.
    • Employee Security Awareness: Ensuring our team understands their role in maintaining security through training and awareness programs.
    • Vendor Management: Assessing the security practices of critical third-party vendors.

This required significant cross-functional collaboration, ensuring that security principles were embedded throughout our operations.

Our Ongoing Commitment to Security: Towards SOC 2 Type 2

SOC 2 Type 1 attestation is a critical milestone, but it’s just one part of our continuous security journey. Security is an ongoing process, not a destination. We are committed to:

  • Continuously monitoring, reviewing, and improving our security controls.
  • Maintaining our security posture to meet evolving threats and industry standards.
  • Progressing towards SOC 2 Type 2: building on this achievement, we are currently undergoing the monitoring period for SOC 2 Type 2. This next phase involves demonstrating the consistent operational effectiveness of our controls over time. We anticipate completing this process and having the SOC 2 Type 2 attestation report available in the coming months.

We are proud of the security foundation confirmed by our Type 1 attestation and the enhanced peace of mind it provides our users. We remain dedicated to delivering a powerful, reliable, and secure observability platform.

If you have any questions or would like to learn more about our safety and security features, please reach out to us at privacy@netdata.cloud.
