
We're very pleased to announce that incident.io is now SOC 2 compliant, having successfully completed our Type I audit. Put simply, this means an external auditor has looked at how the company is operating, and how our software is managed and operated, and confirmed that we meet a set of high security standards.
SOC 2 is an information security standard, which looks at the controls we have in place for the security, availability and privacy of data. To become compliant we need to meet the SOC 2 standards, which requires us to define how things work with a number of policies and procedures, and to have a collection of technical controls in place for our processes and systems.
At incident.io, security is an active part of everything we do. Instead of periodic checks on our systems, we're actively monitoring our entire environment on an ongoing basis using Vanta.
Vanta connects in a read-only mode to all of our systems, including our cloud environment, GitHub repositories and MDM solution, and continuously monitors our controls to ensure they're working as expected. This means we can be confident things are always working, and it streamlines the audit process as our auditors can directly access up-to-date evidence themselves.
Take, for example, a control that says all stored data must be encrypted at rest. In a traditional audit approach, we'd manually gather evidence from our cloud provider console (probably taking screenshots 😬) and send it off to an auditor. With Vanta, we have this evidence collected automatically all of the time, and allow our auditors to log in and view it first-hand.
What we have today is a Type I report, which asserts that we had everything set up correctly when the audit took place. We'll be following this up with an even stronger Type II audit, which confirms the above, but also looks at whether we're following these good practices consistently over a longer time period (hint: we are!). We'll be picking this up early next year.
If you'd like to chat more about SOC 2, or get a copy of our report, either join our Community Slack workspace, or head to our Security page.

I'm one of the co-founders, and the Chief Product Officer here at incident.io.

