Whether implementing the Optimizely snippet or SDK, there’s a level of trust that our customers expect when using our product. That’s why it’s our responsibility to show our commitment to compliance and security. We’re proud to have completed our Type 1 SOC 2 examination for Security, Availability and Confidentiality as a testament to our security practices.
Optimizely has completed a Type 1 SOC 2 examination. The examination was performed by Schellman & Company — an independent CPA firm — for the scope of service described below.
Optimizely is committed to performing further SOC 2 examinations in future years.
Optimizely was examined in three Trust Service principles as part of the SOC 2 examination:
Please see above for the factors relevant to our recent SOC 2 report.
Optimizely’s SOC 2 report is available to existing and prospective customers under a non-disclosure agreement. Contact your customer success manager or account executive to request a copy.
By engaging an independent CPA to examine and report on a service organization’s controls, service organizations can respond to meet the needs of their user entities and obtain an objective evaluation of the effectiveness of controls that address operations and compliance, as well as financial reporting at those user entities. To provide the framework for CPAs to examine controls and to help management understand the related risks, the AICPA has established three Service Organization Control (SOC) reporting options. The three types of SOC reports within the structure are as follows:
SOC 2 reports are attestation reports that opine on controls at a service organization relevant to the security, availability, or processing integrity of a system (security, availability, and/or processing integrity principles) or the confidentiality or privacy of the information processed for the user entities (confidentiality or privacy principles). SOC 2 reports are an alternative to SOC 1 (SSAE 16) examinations, which may only opine on a service organization’s controls that are likely to be relevant to user entities’ internal controls over financial reporting.
There are five Trust Services principles that a service organization may opt to be evaluated against as part of any SOC 2 examination. The service organization may select any combination of the following principles:
The specific Trust Services principles selected by Optimizely, Inc. are Security, Confidentiality, and Availability.
SOC 2 examinations may only be performed by a licensed CPA firm.
SOC 2 reports are restricted use reports, which means that the authorized users of the report are generally management of Optimizely, Inc., user entities (customers) of the services provided by Optimizely, Inc. during the time period of the examination, prospective user entities, independent auditors of these user entities, and other parties who have sufficient knowledge and understanding of Optimizely, Inc.’s services covered by the SOC 2 report.
There are two types of SOC 2 examinations. SOC 2 reports that opine on management’s description of a service organization’s system and the suitability of the design of controls are referred to as Type 1 reports. These examinations always have a review date. SOC 2 reports that opine on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls are referred to as Type 2 reports. These examinations always have a review period.