cover
Endgame is now SOC 2 Type II compliant main image
Apr 21, 2022

Endgame is now SOC 2 Type II compliant

Ryan Tyer

Ryan Tyer

We know how important the security of product and customer data is to our customers, which is why we are excited to announce that Endgame has achieved SOC 2 Type II compliance. This milestone is a testament to Endgame’s ongoing commitment to our customers that they can confidently trust their data with Endgame.

Our priority at Endgame is to protect the privacy and security of your and your customers' data, and we address this responsibility through a security and privacy by design methodology. A key part of that is pursuing SOC2 and that’s why we’re excited to announce today that Endgame has achieved SOC2 Type II compliance.

Why we invested in SOC2

A SOC 2 report is for service organizations that hold, store, or process the information of their users. Endgame provides sales teams with access to data that tells the story of how a customer uses the product combined with the relevant account and contact level information. Because of this, Endgame is at the center of product and revenue – so it is absolutely critical that our customers never have to worry about their data being compromised.

We wanted to make partnering with Endgame as simple a decision as possible and provide transparency for our customers and champions so they can understand and share how we’re building Endgame from the ground up with security in mind.

SOC2 Type II provides our customers with:

  • A comprehensive, third party report that goes into detail about our security practices
  • Confidence that the data you send to Endgame is safe
  • Security and privacy that you can build your business on, place big bets, and ask hard questions without limitations

What's in the report

Our SOC 2 Type II report includes an in-depth analysis of Endgame’s security and privacy practices performed by an independent auditor. We won’t cover all the details here, but there are a few themes that stood out.

We operate on a ‘need to know’ basis
Endgame’s security principals are designed to permit system users to access the information they need based on their role – and restricting them from accessing information that is not necessary.

Your data is encrypted, without exception
Endgame uses encryption technologies to protect customer data both at rest and in transit.

We hire and train the best
Every Endgame employee is background tested and the team undergoes ongoing security training to keep everyone up to date.

Security at Endgame

Above and beyond SOC2 Type II, we take a number of measures to ensure that your data is as secure as possible. This includes, but is not limited to the following:

  • Continuous monitoring built on Drata
  • Data encrypted at rest (AES256) and in transport (HTTPS/TLS)
  • Zero knowledge Endgame API keys
  • Restricted employee access to production environments and data
  • Support for SSO/SAML authentication
  • Vulnerability Scanning on dependencies and container images
  • Third-Party Penetration Test and Security Review
  • GDPR/CCPA Compliance

If you're an Endgame customer and want to see a full copy of our SOC 2 Type II report, reach out to our customer success team at success@endgame.io.