RunPod Achieves SOC 2 Type I Certification: A Major Milestone in Security and Compliance
RunPod has successfully completed its SOC 2 Type I audit, conducted by Sensiba. This marks a significant milestone in our commitment to security, compliance, and trust for our customers and partners.
What is SOC 2 Type I?
SOC 2 (System and Organization Controls 2) is a widely recognized information security framework developed by the American Institute of Certified Public Accountants (AICPA). The audit evaluates an organization’s controls relevant to the trust services criteria, including security, availability, processing integrity, confidentiality, and privacy.
A SOC 2 Type I report assesses the design and implementation of these controls at a specific point in time, ensuring that our security measures meet the highest industry standards. We are proud to share that RunPod’s SOC 2 Type I report was issued with a clean audit opinion, meaning no exceptions were found.
It is important to note that while we have just achieved SOC 2 Type I certification, our data centers have already been SOC 2 Type II certified. This demonstrates that the physical infrastructure supporting RunPod meets rigorous ongoing security and compliance standards.
A Company-Wide Effort
Achieving SOC 2 Type I certification required extensive effort across the organization. We want to extend a huge thank you to the following individuals who played a critical role in making this happen:
- Rutvik Patel
- Brennen Smith
- Jenilee Angeles-Pasco
- Pranjal Jain
- Jamie Ilario
- Jean-Michael Desrosiers
Your dedication and hard work have been instrumental in achieving this milestone, and we appreciate everything you’ve done to ensure RunPod meets the highest standards of security and compliance.
What This Means for Our Customers
Our SOC 2 Type I certification reinforces our commitment to safeguarding customer data and maintaining secure cloud infrastructure. Customers and partners who require a copy of the SOC 2 report can request it through Drata, subject to a signed NDA. Please note that the report cannot be shared without completing this process.
What’s Next? SOC 2 Type II, HIPAA, and GDPR Compliance
Security and compliance are ongoing commitments. Beginning March 1, we will embark on our SOC 2 Type II audit, which involves a six-month evaluation period. This assessment will validate that we not only have the right controls in place but that we consistently follow them over time.
In parallel, we will also be working towards HIPAA and GDPR compliance. As we receive increasing requests for Business Associate Agreements (BAAs) and Data Protection Agreements (DPAs), aligning with these standards will further strengthen our ability to support customers in regulated industries.
Moving Forward Together
RunPod’s successful SOC 2 Type I audit is a testament to our ongoing commitment to security and operational excellence. As we continue this journey, we remain focused on delivering a secure and reliable platform for our users.
Thank you to everyone who contributed to this achievement—we look forward to the next phase of our compliance journey!