Arnica achieves SOC2 Type 2 & ISO27001 compliance

Customer driven

Arnica is built with the primary purpose of securing our customers’ development environments, including tier 1 application services such as Source Code Management (SCM) tools (like GitHub and Azure DevOps) and Continuous Integration / Continuous Delivery (CI/CD) pipelines. As organizations implement a secure Software Development Lifecycle (SDLC), the tools they use – like Arnica – need to proactively demonstrate that they will be effective security partners. To that end we at Arnica felt, even at our early stage, that it is critical that we implement, maintain, and validate the highest possible standards for our data handling architecture, Information Security Management System (ISMS), and Application Security program by attaining our SOC2 Type 2 and ISO27001 certifications.  

3rd party validated

While Arnica is an organization of tenured security professionals, we felt it was imperative that we evaluate our security posture and processes using effective 3^rd party auditing. Arnica partnered with Prescient Security, one of the preeminent security and compliance auditing agencies, to conduct a thorough 3^rd party evaluation of our security posture and Information Security Management System (ISMS) against SOC2 and ISO27001 compliance requirements before and during the observation window for both SOC2 and ISO27001.  

Compliance learnings (and the future of Arnica)

In parallel to our own compliance audit process, we have been working diligently to understand the compliance challenges associated with implementing an effective software supply chain security posture. We are eager to incorporate our learnings to provide security professionals with continuous compliance tools and compliance reporting to make security and compliance easier for AppSec & DevSecOps professionals.  

Please contact cs@arnica.io if you would like to receive a copy of our SOC2 Type 2 report as part of an evaluation of Arnica’s software supply chain security solution.