Building a culture of trust and security from the start

We are excited to announce that we recently completed our SOC 2 Type 1 attestation report. Yes, you read that correctly – Nudge Security is already earning compliance certifications, despite being an early-stage seed startup still in stealth. While that may seem a bit unorthodox to some, our goal is to establish a culture of trust and security from the very start. Earning our SOC 2 compliance is an important step towards that goal.

At a time when supply chain attacks are rising sharply, it’s more critical than ever for digital enterprises to “trust but verify” the security and risk postures of their third-party and even fourth-party data processors. As a rigorous, independent review of internal controls, SOC 2 has become a de facto standard for providing evidence of an organization’s ability to meet the SOC 2 Trust Services Criteria for security, confidentiality, availability, privacy, and processing integrity.

Adopting widely accepted frameworks like SOC 2 gives us a blueprint for developing systems, processes, and operations that are secure by design. It also helps us avoid the pain of retrofitting security, compliance, and privacy controls later on.

More importantly, our early pursuit of SOC 2 supports our collaboration with our early access development partners. We didn’t feel right asking CISOs and other technical decision-makers to overlook their own security and compliance programs in order to evaluate our products. We hope that other security startups take note.

Like most cloud-native startups, our internal environment is dynamic and will undoubtedly change and grow quickly as we build our business. Maintaining continuous compliance is crucial as we adopt new tooling and subprocessors. That's why we use Drata as our compliance automation platform to continuously monitor our internal security controls against the highest possible standards. Drata provides real-time visibility of our systems, helping us to ensure end-to-end security and compliance across our organization.

We also use Safebase to publish details about our security and compliance programs. Safebase makes this information easily accessible, transparent, and always up to date. You can subscribe to our Safebase updates here to follow our progress in our security, privacy, and compliance efforts.

To follow along with all Nudge Security updates, including product announcements and career opportunities, be sure to follow us on LinkedIn and Twitter.
