Add information about SOC 2 attestation to security page

PrairieLearn · May 20, 2024 · 050f5a5 · 050f5a5
1 parent 0c11822
commit 050f5a5
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/src/pages/security/index.mdx b/src/pages/security/index.mdx
@@ -6,6 +6,10 @@ export const meta = {
 
 The PrairieLearn team takes the security of our products and services seriously.
 
+## Third-party audits
+
+- **SOC 2 Type I**: PrairieLearn, Inc. has a SOC 2 Type I attestation for Security in accordance with the AICPA Trust Service Criteria. [Contact us](/contact) for access to our report.
+
 ## Product security
 
 - **Software development lifecycle**: PrairieLearn, Inc. follows a secure software development lifecycle, including secure coding practices, code reviews, and automated testing.
@@ -18,10 +22,6 @@ The PrairieLearn team takes the security of our products and services seriously.
 - **Secure remote access**: Internal systems are only accessible via AWS Systems Manager. Access to AWS Systems Manager is logged and tightly controlled.
 - **Identity access and management**: PrairieLearn, Inc. uses JumpCloud for identity and access management. Multi-factor authentication is required and utilized wherever possible.
 
-## Third-party audits
-
-- **SOC 2 Type I _(coming soon)_**: PrairieLearn, Inc. is currently working with [Vanta](https://www.vanta.com/) and third-party auditors to achieve SOC 2 Type I compliance. We expect to complete this process in early 2024. The completed report will be made available to customers upon request.
-
 ## Reporting a vulnerability
 
 If you believe you have found a vulnerability in any PrairieLearn software, please report it to us via coordinated disclosure. **Do not report suspected vulnerabilities publicly, including through GitHub issues or public Slack channels.** Instead, please send an email to [security@prairielearn.com](mailto:security@prairielearn.com) with as much relevant information as possible, including: