As of July 2022, Tango is officially SOC 2 Type 2 compliant. Security has always been a priority for us, and achieving full SOC 2 compliance is a huge milestone for our company. Read on to learn more about SOC 2 and our commitment to protecting customer data. 

What is SOC 2?

Developed by the AICPA, SOC 2 is a compliance standard that ensures a company is securely handling customer data. To meet SOC 2 standards, organizations must establish policies and procedures, demonstrate adherence to their security controls, and undergo an independent third-party audit each year.

Why did Tango prioritize SOC 2 compliance?

Tango was created to help people be their best at work. In order to do so, we need to ensure that everyone can download and install Tango on their work computers. For many companies, introducing a new tool requires passing security reviews and getting IT approval, not to mention trusting it with company data.

We take this responsibility seriously. While many companies invest in SOC 2 compliance at a later stage, we prioritized it early on so you can confidently use Tango within your work environment. For us, SOC 2 compliance goes beyond checking a box or collecting a badge - it signifies an ongoing commitment to operational excellence and data security. 

What did we do to achieve SOC 2 compliance?

To achieve SOC 2 compliance, we implemented 100+ security controls across the Tango organization. These range from people processes (eg. mandatory security training and employee background checks) to technical checks (eg. daily backups, encryption, and multi-factor authentication). Following the implementation of these controls and processes, we passed an audit by MJD Advisors, our independent examiner, and received our Type 1 report. 

Over the next 4 months, we continued to uphold these processes while strengthening our security posture with a third-party penetration test. We diligently remediated the findings, resulting in a clean retest with no critical or high severity vulnerabilities. In July 2022, we passed our second audit to receive our Type 2 report. 

We also perform regular vulnerability scans, complete risk assessments of our vendors, and practice implementing business continuity plans to minimize customer disruption. To streamline the data collection process, we’ve partnered with Drata, a compliance automation platform. Drata continuously monitors our SOC 2 controls and notifies us of any potential risks so we can react quickly.

What does this mean for you?

We know the content you capture in Tango - from training manuals to SOPs - is essential to your business. Even though we are a young company, our SOC 2 compliance certifies that we treat your data with enterprise-grade standards.  

What’s next?

Becoming SOC 2 compliant is just one piece of our commitment to being enterprise-ready. We’re also building enhanced capabilities for user administration, authentication, and content controls. If you'd like to learn more about what SOC-2 means, please visit the Tango Security page where you'll find further information and links to our Trust Center where documents can be requested. If you are hoping to bring Tango to your broader organization in light of this news, please complete our Enterprise Inquiry form and someone from our team will be in touch.