Excalidraw+ Is Now SOC 2 Certified
10 months ago
- #SOC 2 Compliance
- #Tech Stack Upgrade
- #Security
- Excalidraw+ achieved SOC 2 Type I compliance and is working towards Type II.
- Used Vanta to streamline compliance, integrate services, and fix gaps.
- Implemented zero-trust production access and upgraded the tech stack (Nx, Infisical, VPN, etc.).
- Conducted penetration testing and evaluated all vendors for compliance.
- Wrote and tailored numerous policies, balancing startup culture with structured processes.
- Adopted secure workstation policies, including disk encryption and password managers.
- Split the monolith into services using Nx for better management and efficiency.
- Used Infisical for encrypted environment key management and improved CI/CD workflows.
- Set up monitoring with Vector and Axiom, and created a public status page.
- Evaluated and documented all vendors, focusing on those with SOC 2 reports.
- Chose privacy-focused analytics tools (Umami, Simple Analytics) without cookie banners.
- Passed the SOC 2 Type I audit with Insight Assurance and shared findings in the trust center.
- Future goals include SOC 2 Type II, GDPR, and possibly ISO 27001 based on customer demand.