Frame.io Boosts Enterprise-level Security: Now SOC 2 Type 2 Compliant

Frame.io Boosts Enterprise-level Security: Now SOC 2 Type 2 Compliant

Ensuring your media assets are safe on Frame.io is paramount, and from the very beginning we laid out a roadmap to get us where we are today. Which is why we’re thrilled to announce that we just accomplished the next milestone in our plan with the completion of our SOC 2® Type 2 audit—the gold standard for security compliance for SaaS companies.

Last July, we announced that Frame.io became SOC 2 Type 1 compliant. SOC 2 Type 1 is a “point-in-time” compliance—meaning that as of that time, we demonstrated to external third party auditors our ability to successfully design and implement security controls, policies, and procedures to secure and encrypt your media on Frame.io.

With the rigorous SOC 2 Type 2 audit, we demonstrated our ability to maintain those same security controls, policies, procedures, and standards successfully throughout the examination period—from July until now—without any exception. These are standards that transcend the technology Frame.io is built on—they permeate into all aspects of our company, from the training of our employees to the distribution of company software and hardware, and even to the protocols for guests that visit our NY headquarters.

From the required 2-step and Google verification of all employee accounts, to the security measures required to even enter our offices, SOC 2 Type 2 standards extend from online to off.

When we say that your content is protected because Frame.io has a robust and comprehensive security program, you don’t need to just take our word for it. As part of this audit process, third-party auditors tested Frame.io’s controls, including examination of our policies and procedures regarding network connectivity, firewall configurations, systems development life cycle, computer operations, logical access, data transmission, backup and disaster recovery, and other critical operational areas of business.

The SOC 2 audit was performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205. The audit process evaluated Frame.io against service controls derived from three key trust principles of SOC 2—security, availability, and confidentiality. Upon completion of the audit, Frame.io received a Service Auditor’s Report with an unqualified opinion demonstrating that our policies, procedures, and infrastructure met or exceeded the stringent SOC 2 criteria for industry standards and best practices.

Frame.io’s SOC 2 Type 2 report is available under NDA to all existing and potential customers. Get in touch with us if you’d like a copy.

From the very beginning, we built Frame.io with rigorous security systems in mind. The successful completion of this audit illustrates Frame.io’s ongoing commitment to creating and maintaining a secure operating environment for our customers’ confidential data and delivering the highest security standards available in the media industry. With this recent milestone, as well as the TPN compliance we achieved last fall, we will continue to enhance not only our security protocols, but also those security-related features that make Frame.io the best combination of award-winning design and unmitigated security, all in a fast and robust infrastructure.

Everyone using the Frame.io platform, including those of you who handle the most private and sensitive media for their organizations, can now sleep sound at night knowing your media is in safe and secure hands.

Learn More

Frame.io’s Head of Security, Abhinav Srivastava, will be presenting “Adaptable Content Security in the Cloud using Serverless Technology” at NAB on Wednesday, April 10th as part of the BEIT industry track. He will also be giving a version of this for the wider NAB audience at Frame.io’s booth, located at SL2426.

Thank you to Abhinav Srivastava for contributing this article.

Abhinav Srivastava is the Head of Information Security at Frame.io, where he leads security & compliance initiatives. Before joining Frame.io, Abhinav spent 6 years in AT&T Shannon Labs as a Principal Researcher working on systems, cloud, IoT, and network security projects. He authored 30+ research papers in peer-reviewed conferences and journals and holds multiple patents. Abhinav earned a Ph.D. degree in Computer Science from Georgia Tech.

Interested in contributing?

This blog relies on people like you to step in and add your voice. Send us an email: blog at frame.io if you have an idea for a post or want to write one yourself.