Security Certification Question (Answered)

Good day - 

One of our customers, who's using software we've deployed with LimeLM, has asked us to fill out a security questionnaire/review; they are basically asking if WyDay is formally compliant with any security certifications, like SOC 2/ISO 27001. Could you please clarify, so we can respond?

Answer

No, we don't currently go through external certifications of our security. Our security audits are done both in-house and with independent security contractors (testing different parts of our organization).

We have no short-term plans for external security certifications. Not enough demand, not enough benefits. It would be a rubber-stamp “social proof” for the security practices we already use.

Maybe longer term we'll devote time to this, but it's not a priority.

I understand, and thank you for the information. 

One last clarification - we store a subset of customer data using the ‘extra data’ functionality in LimeLM. And security of this data is what's being called into question.

In the DPA here (Appendix 2, section A, (i) Physical and environmental security:), the infrastructure where this data is stored is noted as being SOC 2 Type II and ISO 27001 certified and so we can affirm that customer data storage is secure: is my interpretation correct?  

Answer

"the infrastructure where this data is stored is noted as being SOC 2 Type II and ISO 27001 certified and so we can affirm that customer data storage is secure: is my interpretation correct?"

Yes.