Celebrating Our SOC 2 Success

Caddi achieves SOC 2 Type I attestation, ensuring top-tier security for client data. Learn how we protect your information and prepare for SOC 2 Type II.
Aditya Sastry
March 11, 2025

Our Commitment to Security

At Caddi, we help professional services streamline repetitive tasks—often involving sensitive client data. Safeguarding that data is at the heart of our mission. That’s why we’re thrilled to announce we’ve successfully completed our SOC 2 Type I attestation, a critical first milestone in demonstrating our robust security practices.

What Is SOC 2?

SOC 2 is a widely respected standard for software-as-a-service (SaaS) providers, particularly those that handle sensitive or confidential data. It focuses on Trust Services Criteria, which can include security, availability, processing integrity, confidentiality, and privacy. For Caddi, undergoing this comprehensive audit demonstrates our unwavering commitment to keeping your data safe.

Type I vs Type II

  • SOC 2 Type I examines the design of our security controls at a specific point in time. It confirms that we’ve implemented the right policies, procedures, and safeguards to protect your data.
  • SOC 2 Type II assesses whether those controls operate effectively over a defined period. While Type I gives a snapshot of our security posture today, Type II will validate our ability to maintain these standards month after month.
Why We Pursued SOC 2

    Building Customer Trust

    We know how important it is for our customers to feel confident in our security measures. A formal attestation like SOC 2 Type I offers proof that Caddi’s platform meets recognized standards.

    Industry Alignment

    SOC 2 is widely accepted across SaaS and professional services. Obtaining a SOC 2 Type I attestation positions us as a trusted partner that adheres to industry best practices.

    Path to Continuous Improvement

    Achieving Type I is only the beginning. We view this as the start of an ongoing journey to strengthen our controls and processes, paving the way toward SOC 2 Type II in 2025.

    Our SOC 2 Type I Journey

    1. Assessment and Gap Analysis

  • We began by mapping out existing controls—like access management, data encryption, and incident response—against SOC 2 requirements.
  • Using Vanta to help automate evidence collection and keep track of our controls, we identified areas needing additional refinement or documentation.
    2. Documenting Policies & Procedures

  • We then formalized our security policies, ensuring each control and process was thoroughly documented and traceable.
  • Cross-functional collaboration among Engineering, Operations, and Leadership integrated security into every part of Caddi.
    3. Audit & Verification

  • We partnered with Advantage Partners, who served as our independent auditor. They reviewed our documentation, tested samples of our controls, and verified we met SOC 2 criteria.
  • The result? A SOC 2 Type I report confirming Caddi’s controls were suitably designed to protect customer data.
    4. Preparing for Type II

  • While Type I focuses on design at a specific date, Type II validates those controls over a period.
  • We’re already planning for our 2025 Type II audit, leveraging Vanta’s continuous monitoring features to ensure these safeguards remain effective long-term.
    How This Benefits You

    Immediate Transparency

    You can request our Type I attestation report (under NDA) to see how we protect your data. This fosters greater trust and confidence.

    Foundation of Trust

    Knowing our controls are designed to meet SOC 2 standards today reassures you that we’re serious about security—and preparing to prove their long-term effectiveness.

    Reduced Vendor Risk

    By meeting an industry-standard framework, we help simplify your vendor due diligence and streamline security evaluations for your own compliance needs.

    Looking Ahead to 2025

    We’re already at work on SOC 2 Type II, which evaluates the operational effectiveness of our controls over a defined period. This next milestone will underscore our ongoing commitment to:

    • Continuous Monitoring: Regularly reviewing security metrics, incident response capabilities, and system updates.
    • Quarterly Security Assessments: Testing our safeguards to ensure they keep pace with evolving threats.
    • Transparent Communication: Keeping you informed about new policies or major security enhancements as we grow.

    Conclusion

    Earning a SOC 2 Type I attestation is a major accomplishment for our entire team at Caddi, but it’s also a promise to you: we’ll continue investing in the policies, technologies, and best practices that keep your data secure. As we move forward to SOC 2 Type II in 2025, we’re excited to share each step of our progress and maintain the trust you’ve placed in us.

    If you have any questions about our security measures or want more details about our SOC 2 journey, reach out to us at contact@caddi.com or explore our Security & Trust page.