New: AI-native post-mortems are here! Get a data-rich draft in minutes.
We've successfully completed our SOC 2 audit
December 20, 2021 — 2 min read
We're very pleased to announce that incident.io is now SOC 2 compliant, having successfully completed our Type I audit. Put simply, this means an external auditor has looked at how the company is operating, and how our software is managed and operated, and confirmed that we meet a set of high security standards.
SOC 2 in a nutshell
SOC 2 is an information security standard, which looks at the controls we have in place for the security, availability and privacy of data. To become compliant we need to meet the SOC 2 standards, which requires us to define how things work with a number policies and procedures, and to have a collection of technical controls in place for our processes and systems.
Automating our compliance
At incident.io, security is an active part of everything we do. Instead of periodic checks on our systems, we're actively monitoring our entire environment on an ongoing basis using Vanta.
Vanta connects in a read-only mode to all of our systems, including our cloud environment, GitHub repositories and MDM solution, and continuously monitors our controls to ensure they're working as expected. This means we can be confident things are always working, and it streamlines the audit process as our auditors can directly access up-to-date evidence themselves.
Take, for example, a control that says all stored data must be encrypted at rest. In a traditional audit approach, we'd manually gather evidence from our cloud provider console (probably taking screen shots 😬) and send them off to an auditor. With Vanta, we have this evidence collected automatically all of the time, and allow our auditors to log in and view it first-hand.
We're going deeper still
What we have today is a Type I report, which asserts that we have everything set up correctly when the audit took place. We'll be following this up with an even stronger Type II audit, which confirms the above, but also looks at whether we're following these good practices consistently over a longer time period (hint: we are!). We'll be picking this up early next year.
If you'd like to chat more about SOC 2, or get a copy of our report, either join our Community Slack workspace, or head to our Security page.
Chris Evans
Co-Founder & CPO
I'm one of the co-founders, and the Chief Product Officer here at incident.io.
See related articles
Who's on call? How Claude helped us calculate this 2,500x faster
A look at how on-call schedules work, and how we made rendering them 2,500× faster — through profiling, smarter algorithms, and some Claude.
Rory BainApril 28, 2026
How it feels to run an incident with AI SRE
For the last 18 months, we've been building AI SRE, and one of the things we've learned is that UX matters more than you think. This week, I used AI SRE to run a real incident, and I walk you through it end-to-end.
Chris EvansApril 23, 2026
What does using AI for post-mortems actually mean?
Everyone is using AI to help with post-mortems now. We've built AI into our own post-mortem experience, pulling your Slack thread, timeline, PRs, and custom fields together and giving your team a meaningful starting point in seconds. But "AI for post-mortems" can mean very different things.
incident.ioApril 23, 2026
So good, you’ll break things on purpose
Ready for modern incident management? Book a call with one of our experts today.
We’d love to talk to you about
- All-in-one incident management
- Our unmatched speed of deployment
- Why we’re loved by users and easily adopted
- How we work for the whole organization
