Qpoint Achieves SOC 2 Type II Compliance

Qpoint has achieved SOC 2 Type II compliance, demonstrating our commitment to security, privacy, and protecting customer data with independently validated controls and processes.
Jon Friesen
March 18, 2025

We're excited to announce that Qpoint has successfully achieved SOC 2 Type II compliance! This milestone represents our commitment to security, privacy, and maintaining the highest standards for protecting our customers' data.

What This Means for Our Customers

Let's start with what matters most - what this certification actually means for you:

  1. Your data is secure: We've demonstrated that our controls and processes for handling sensitive information meet rigorous security standards
  2. We're accountable: Our systems have been thoroughly tested by independent auditors over a substantial period (September 16, 2024 to February 28, 2025)
  3. We're transparent: This certification validates our ongoing commitment to security best practices

For those unfamiliar with compliance jargon, a SOC 2 Type II attestation isn't just a one-time check of security measures. It requires ongoing adherence to stringent controls and processes over a period of time. Think of it as the difference between passing a driving test and proving you're a good driver through months of actual road time.

Why Security Matters for API Visibility

Qpoint's platform provides unprecedented visibility into external service dependencies through our innovative eBPF-based technology. When you're monitoring API connections at the source level, before encryption, security isn't just a feature - it's the foundation everything else is built on.

Our customers trust us to see and analyze their critical API traffic. With this SOC 2 Type II attestation, we're not just saying "trust us" - we've proven that our security controls and practices have been rigorously validated by independent experts.

The Process: What It Takes to Achieve SOC 2 Type II

As a reminder to myself: getting SOC 2 compliant is a marathon, not a sprint. Our team dedicated significant time and resources to this effort, including:

  • Implementing comprehensive security policies and procedures
  • Establishing robust access controls and monitoring
  • Conducting regular security assessments and testing
  • Training all team members on security best practices
  • Continuously monitoring and improving our security posture

The audit examined our controls across multiple trust service criteria, with a particular focus on security. This validated that our Qtap agent, control plane, and overall architecture meet the stringent standards required for handling sensitive customer data.

What's Next: Maintaining Our Commitment

Compliance isn't a destination - it's a continuous journey. We'll be maintaining our SOC 2 controls and preparing for our renewal audit with a 12-month evidence collection window. This ongoing commitment ensures that our security practices remain current as our platform evolves.

For our customers focused on security and compliance in their own organizations, you can request our Letter of Attestation to demonstrate our compliance status. This document can be shared without an NDA in place.

Building a House with a Strong Foundation: Security and Visibility

One thing I've learned through years in infrastructure and monitoring: security and visibility go hand-in-hand. Much like building a house, visibility is the blueprint that shows you what to build, while security is the foundation that keeps everything stable. You can't secure what you can't see, and visibility without security creates risk.

That's why Qpoint's approach is so powerful. By operating directly at the source of each connection using eBPF technology, we provide:

  • Process-level intelligence identifying exactly which processes initiate external connections
  • Visibility at the source - seeing and analyzing traffic before encryption
  • Comprehensive context that maintains service identity throughout the connection lifecycle

And now, with our SOC 2 Type II attestation, you can be confident that this visibility comes with validated security controls.

Let's Celebrate Together

I'd like to thank our team for their hard work and dedication to achieving this milestone, and our customers for their trust and support throughout this process.

If you'd like to learn more about our SOC 2 compliance or how Qpoint's technology can provide unprecedented visibility into your external API dependencies, please contact us today.