Our SOC 2 II Certification and Security Execution at MineOS

Gal Golan
Gal Golan
Dec 2, 2022
min read
Our SOC 2 II Certification and Security Execution at MineOS

MineOS provides data services for thousands of companies, so we understand the scope of keeping data secure as our top priority. Companies should not have to choose between system convenience and security, which is why the R&D team and I work to maintain the highest security standards possible in support of the products at Mine PrivacyOps’s core. 

Thanks to that work, Mine has taken the next step forward in our growth as a B2B SaaS company by earning our SOC 2 Type 2 certification. SOC 2, developed by the AICPA, is one of the benchmarks for modern data security, requiring companies to set and implement strict information security policies and procedures as verified by external audits.

Going through independent assessments and audits is an important step for our company to show that we comply with global security protocols and standards, as well as to maintain transparency with the public, which we consider a core value. You can access Mine’s SOC 2 audit report by filling out a request here.

After spending 7 years in the cyber security industry, I recognize how important it is to cover security from different perspectives in order to defend from a variety of attack vectors (compromised credentials, social engineering, inside attack, misconfiguration, brute force, etc.):

  • Personnel - All our employees and subcontractors undergo training and tests, background checks, and phishing simulations. Physical security measures are used to protect our premises from unauthorized access.
  • Endpoint Security - Hardened and managed endpoints with state-of-the-art endpoint security software help us reduce the risk of a compromised endpoint. 
  • Vendors/Sub Processors - We only work with leading vendors and have a process in place to ensure our security standards can be maintained across the entire supply chain.
  • Data Security - We implement data minimization everywhere across our stack and implement multiple encryption layers for all data, in transit and at rest. We restrict usage to modern ciphers and well-trusted implementations.
  • Access Management - We make sure any required credentials are stored in proper vaults, 2-factor authentication, and a strong password policy is used for all accounts, as well as audit logs and alerts for detecting suspicious activities. We don't rely on automated solutions and also perform manual permission reviews. 
  • Network Security - We expose to the internet only what is absolutely necessary while using strict firewalls and IDS/IPS rules. Our internal network is hardened and relies on modern VPNs with device posture checks.
  • Application Security - We maintain a secure SDLC at every step of the way: use of trusted software, security review for every change, automatic installation of patches, and continuous code and application scans. 
  • Security Program - Our security program is built and managed by experts and is a top-level priority for the company’s management.

Learn more about our security and business continuity practices here:

By being transparent about our security and processes and earning industry-standard compliances such as SOC 2 to validate them, Mine aims to show we practice what we preach. 

Data security and privacy protection are not just business mottos but ideas my co-founders and I have devoted our lives to progressing, so individuals can use the internet without compromising their privacy and companies can manage data flows responsibly to show customers their digital rights are respected.