Baseten achieves SOC 2 Type 1 certification

Update: Baseten has now achieved SOC 2 Type II certification.

In March, Baseten completed a rigorous audit by Sensiba San Filippo LLP, a leading CPA firm, to achieve System and Organization Controls (SOC) 2 Type I certification. This effort, led by our CEO, involved providing auditors with detailed statements and substantial evidence about our product and operations.

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 Type 1 is a single report that assesses the security posture of an organization at a point in time. While achieving this level of compliance is unusual for a company of our size, we are already working toward further certifications, including SOC 2 Type 2, an ongoing assessment.

To receive the SOC 2 Type I certification, Baseten provided evidence of following best practices across five trust services criteria:

• Security

• Availability

• Processing Integrity

• Confidentiality

• Privacy

We provided information covering technical details within our product such as authentication mechanisms, backups, firewall configurations, data encryption, and cypher suites, along with operational details including code review and deployment approval. The audit also covered the company’s hiring processes. Our SOC 2 Type I report did not have any noted exceptions and therefore was issued with a “clean” audit opinion. In all, Baseten’s controls were found to be “suitably designed” for over 70 specific sub-criteria.

This holistic review demonstrates Baseten’s careful custody of our customers’ information, the robustness of our infrastructure, and the diligence of our employees and contractors. We will continue to review and improve the security and compliance of our product and operations to provide our customers with a reliable and trustworthy platform for critical ML-powered business processes.