New

Introducing the CodeSandbox Storybook add-on

Bring every story to life.

Learn more
arrow_back
Blog chevron_right News
May 23, 2024

CodeSandbox is Now SOC 2 Compliant

Another milestone that shows our commitment to keeping your code and data secure.

Filipe Lima
Filipe Lima
CodeSandbox is Now SOC 2 Compliant

With CodeSandbox, you can turn your repository into a shareable development environment that's available 24/7. Give it a try with this Next.js example or import your GitHub repo!


Today, we are thrilled to announce that CodeSandbox is officially SOC 2 compliant! This attests to our ability to handle and process customers' data and meet key security standards.

As CodeSandbox becomes the choice of a growing number of enterprises, we understand the importance of building trust in our security and data handling practices. Our SOC 2 Type II report shows that we prioritize the protection of customer data and are committed to building a robust security and compliance program.

Given the strict security requirements of enterprises worldwide, this achievement will allow us to bring CodeSandbox to larger organizations while ensuring the protection of their code and data.

Why SOC 2?

You might wonder, “What’s SOC 2, and why should I care?" In a nutshell, SOC 2 (Service Organization Controls 2) is the gold standard for data security and privacy. It's a rigorous framework governed by the American Institute of Certified Public Accountants (AICPA) that sets the bar high for how organizations protect their customers' information.

If you’re a CodeSandbox user, you probably know that we keep pushing the boundaries of what's possible in the world of coding in the cloud. With CodeSandbox CDE, we delivered a truly seamless cloud development environment that is powerful, performant and collaborative like no other. But as we empower organizations to bring their entire development process to our CDE, we had to make security a top priority.

With cyber threats becoming increasingly sophisticated, we knew it was time to double down on our security efforts.

By undergoing a SOC 2 audit, we put our policies, procedures, and controls to the test. An independent auditor gave us a thorough review and confirmed that our security measures are not only well-designed but also working effectively.

As the ultimate standard for security and trust, SOC 2 allows us to deliver a compliant solution, both to CodeSandbox Pro subscribers and our Enterprise customers.

Our SOC 2 journey

As you might imagine, achieving SOC 2 compliance is not a trivial project. Fortunately, we teamed up with Vanta to streamline our journey. Their platform seamlessly integrated with our systems and provided guidance to implement the policies and procedures needed before the audit. Then, Advantage Partners verified our audit readiness and kicked off our Type II audit. Their team evaluated our controls and provided valuable feedback. After the audit window closed, they delivered our report.

One valuable lesson we learned is that achieving SOC 2 compliance is a marathon, not a sprint.

While having the right partners made a world of difference, it still required dedication and focus from our team. Fortunately, the majority of requirements aligned very well with our current way of working and we had already adopted several security best practices, which helped streamline this process.

Throughout this process, we collaborated with our auditor to establish a clear timeline, set a target audit date, and worked backward to ensure we were ready. Now that our controls are in place and security is more deeply ingrained in our culture, future SOC 2 audits will be even smoother.

Looking ahead

This wasn’t a very typical project for our team and it definitely took us outside of our comfort zone at times, which makes it all the more gratifying to see our hard work pay off.

We have been building CodeSandbox as the most complete solution for any organization wanting to streamline its development processes by coding in the cloud. Our SOC 2 Type II report is a major component of that vision and we will continue to build on top of it to maintain our strict commitment to security and compliance.

We're excited to share this milestone with you! If you’d like to learn more about our security practices and how CodeSandbox Enterprise can be a good fit for your business, talk to us!



Keep reading about News .

Introducing CodeSandbox CDE
News Jan 30, 2024

Introducing CodeSandbox CDE

CodeSandbox CDE is now live, bringing instant cloud development environments and usage-based billing.

Introducing AI Code Autocomplete Powered by Codeium
News Nov 22, 2023

Introducing AI Code Autocomplete Powered by Codeium

Powerful, accurate code suggestions for every CodeSandbox user.

Introducing a Unified Development Platform
News Nov 21, 2023

Introducing a Unified Development Platform

Our new Devboxes and improved Sandbox editor are here to help you build anything, no matter how big or small.