Fiddler announces SOC2 Type II Certification

Fiddler is excited to announce that we have been awarded the SOC2 Type II certification for Security, Availability and Confidentiality. SOC2 is a widely recognized and accepted information security compliance standard. This assessment ensures that our organization has adequate controls, processes and policies to handle both our customer and organizational data securely.

What is SOC2?

SOC2 stands for “System and Organization Controls”. It gives assurance over control environments such as storage, processing, retrieval and transfer of data. This certification means that an organization was audited by a trusted external audit firm, which verified that the organization’s infrastructure and security controls, based on standards set by the AICPA, are able to secure and manage customers' data to protect the interests of organizations and individuals.

Extending the Fiddler Mission with SOC2

As Fiddler’s mission is to empower our customers to build trust into AI, it’s of utmost importance that our customers trust Fiddler. 

We partnered with Vanta, the leader in continuous compliance monitoring, to help us automate the collection of our audit evidence, which helped us quickly identify, review and meet all the security requirements.

  • We have significantly improved our security controls over the last year. Thanks to our engineering team's hard work, several security domains have been implemented. For example, identity access management has been fully automated. 
  • Vulnerability management is a priority for us. Hence, we continuously scan and monitor our infrastructure and code base. Periodically, we perform independent and external penetration testing activities to continuously assess our platforms the way external attackers do.

What we included in our SOC2 report

Our SOC2 Type II report provides users with information about the Fiddler Model Performance Management Platform. The report will be useful when assessing the risks arising from interactions with the platform, particularly information about system controls that Fiddler has designed, implemented, and operated. Service commitments and system requirements were achieved based on the trust services criteria relevant to security, availability and confidentiality. The report includes the Fiddler system components used to provide the services, such as Fiddler infrastructure, software, people, data, processes and procedures.


If you would like to request a copy of the report, please contact us at sales@fiddler.ai.