We’re committed to keeping you informed on our work to protect your privacy and data you share with Tilt. Today, we’re sharing an update on our recent improvements to our processes, teams, and platform so you understand the continued investment we’re making in protecting the security and privacy of the people who use Tilt across the United States and Canada.
Completing our first SOC 2 Type ll Audit
In June 2022, we completed our SOC 2 Type ll audit. SOC 2 Type ll is a report that captures how a company safeguards customer data and how well those controls are operating. Our audit included a comprehensive review of our security program based on an external audit completed by Baker Tilly. The audit reviewed Tilt’s security controls, including the following categories:
- Access Control;
- Vulnerability management;
- Change Management;
- Incident response; and
- Employee security awareness and education.
Tilt’s independent external audit examined evidence that Tilt controls access to customer and user data securely, scans for and remediates any vulnerabilities to security attacks, securely deploys code, and responds quickly and effectively to evidence of threats, attacks, and security incidents.
Infusing security and privacy into everything we build
Keeping your data secure and respecting your privacy will always be ongoing work for us. In our collaboration with teams across Tilt and external partners, some of the most recent efforts include:
- Expanding the privacy and security reviews conducted before a product launch or vendor decision to include a mandatory assessment of our software development life cycle and vendor assessment, respectively; and
- Revamping our proactive internal audits of systems and services to ensure that they happen more frequently.
This work builds on our efforts to improve the security of our internal tools and systems which includes strengthening our access management processes and authentication systems for support tools, improving our detection and monitoring capabilities, and investing in additional penetration testing and scenario planning to help secure Tilt from a range of possible threats. It also goes hand in hand with our ongoing work to build security and privacy into everything we launch.
We will continue to expand our privacy and security practices by understanding how we can be private by design while we build a robust Tilt platform.
With transparency and accountability as the backbone of this work, we’ll update you on the latest work to protect your privacy and security on Tilt. If you have questions, feel free to reach out to email@example.com. We welcome a conversation.