Chris Lippi | VP, Products
January 02, 2014

Mashery Completes SSAE 16 SOC 2 Audit



Mashery offers its services to a wide range of customers, from hot startups to the Fortune 500. Customers that leverage our SaaS products entrust us to handle their valuable data. We take that very seriously, and we’d not be very successful if we didn’t.

In previous blog posts, I’ve described our journey to become the first API management provider to become PCI-DSS certified, critically important for those that run commerce APIs.  I’ve also discussed our effort to expand our compliance posture to include HITRUST, the most widely adopted security framework within the U.S. healthcare industry. 

Another important standard that gives enterprise IT organizations a degree of comfort that a service provider is managing their service well is the Statement on Standards for Attestation Engagements, or SSAE 16. SSAE 16 is the standard that is replacing the now 20+ year-old SAS 70 standard. Today, I am pleased to report that we’ve completed our SSAE 16 SOC 2 Type 1 audit as well. The SOC 2 components of SSAE 16 cover controls that are related to non-financial reporting aspects of SSAE 16. For our customers, SOC 2 covers the more important controls of API security, availability, processing integrity, confidentiality, and privacy.

With this achievement, Mashery continues to demonstrate its commitment to investing in the people, processes and management controls, all verified by third-party auditors, that ensure your API programs are in good hands. Our investments in the areas of PCI-DSS, HITRUST, and SSAE 16 allow you to choose a service from a high-quality delivery organization that is working hard every day to ensure your program is healthy, secure, and robust, giving you big gains in time to market and lower total costs.

For more information, please see our website or contact us.