Blog Post

SOC2 Type II Renewed with No Exceptions and SOC3 Awarded

June 30, 2022 Gabriel Abreu

As the leading, dedicated code coverage solution, Codecov sits at the critical intersection of our users’ source code and testing (continuous integration). As such, we prioritize the security of our customers’ data and the resiliency of our systems.

Our commitment to innovation and information safety has walked hand-in-hand in the past seven years on our mission to help our clients improve their code quality and deploy with confidence.

For this reason (drum roll, please)…

We’re very excited to announce we have been awarded a SOC2 Type II and SOC3 attestation with no exceptions!

Why is this a big deal?

For those who do not know, a SOC2 audit is a full technical and process inspection of all of our systems and controls performed by an accredited, independent third-party auditor (in our case, Linford & Company LLP). The main objective here is to ensure Codecov’s service commitment and system requirements meet the best-in-class criteria set forth by the American Institute of CPAs (AICPA) across different areas such as security, availability, processing integrity, confidentiality, and privacy. 

The wide scope of this evaluation includes 

  • How our service is designed and developed
  • How the system is operated
  • How internal networks are managed
  • How employees are hired and trained.

How did we do it?

We worked together with our auditor Linford and Co and our readiness tool Vanta as our SOC2 and SOC3 readiness provider. Vanta helped us automate, monitor and test our organizational structure, and develop policies and procedures to demonstrate how our systems and data are protected.

Between Vanta and Linford, an otherwise daunting process became straightforward and has been our method for many years so we can continue to focus on ensuring security and resilience for our customers. 

This is the result of several months of hard work in a joint effort between our Security, Engineering, and Operations teams in order to reinforce the peace of mind of our users in regards to how we handle their data and to provide confidence to individuals and organizations new to Codecov about the strictness of our systems and procedures in place.

When was this attestation awarded?

Codecov renewed with no exception their SOC2 Type II on Friday, May 27, 2022, and was awarded SOC3 on June 27, 2022. Codecov’s SOC2 Type II status will be audited on a yearly basis to confirm that we continue to uphold these same standards.

Our SOC3 report is available on our security pageIf you’re looking for more details of our SOC2 report, please contact us here.

Before we redirect you to GitHub...
In order to use Codecov an admin must approve your org.