Open Source Security Summit: Our global event is going virtual on December 10 – Lets solve security challenges together. — Learn More

The Bitwarden Blog

Bitwarden achieves SOC 2 certification

SOC 2 Type 2 and SOC 3 certifications are complete

System and Organization Controls (SOC) comprise a set of control frameworks that independent auditors use to validate and certify an organization’s systems and policies with respect to security and data protection. The purpose of SOC standards is to provide confidence and peace of mind for organizations when they engage third-party vendors. A SOC-certified organization has been audited by an independent certified public accountant who determined the firm has the appropriate SOC safeguards and procedures in place.

As part of our commitment to keeping customer data secure and private, Bitwarden performed an audit with AuditOne, LLP, to cover the most important facets of data security regarding our processes for systems, employees, and security controls.

This audit serves as a declaration that Bitwarden operates holistically in the best interests of our customers and their data, taking every reasonable precaution.

The following certifications were achieved by the Bitwarden team:

Details on Controls for Service Organizations

SOC is driven by the Association of International Certified Professional Accountants or AICPA.

SOC 2 is the SOC for service organizations report focused on trust services criteria. AIPCA describes SOC 2 as the report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

According to the AICPA, the use of these reports is restricted. For SOC 2 report inquiries, please contact our sales team.

The SOC 3 report provides a summary of the SOC 2 report that can be distributed publicly. According to the AICPA, SOC 3 is the SOC for service organizations report on trust services criteria for general use.

Bitwarden makes a copy of our SOC 3 report available here.

SOC information from AICPA: https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/sorhome.html

These SOC certifications represent one facet of our commitment to safeguarding the security and privacy of customers, and compliance with rigorous standards. Bitwarden also performs a regular cadence of audits on our network security and code integrity, which you can find here:

Open Source Security Summit Promo Image

← Back to Blog