We are in the midst of a financial audit, and the auditors are asking for a SOC Report for the snowplow tracker.
Does anyone have experience with the Snowplow tracker being part of your Financial/IT Audit?
Does a SOC Report for the Snowplow tracker exist?
Or does anyone have useful experiences/tips/suggestions regarding the topic?
Hope you can help!
Hey @eromein I’ve reached out to some people inside Snowplow to offer some advice here, so we should have something from Snowplow to share over the next day or two.
Still open for some community responses though
Hi @eromein, welcome to the community!
We (Snowplow Analytics - owners of the repos) do not have a SOC Report for the trackers.
Our team has recently become ISO 27001 certified for our approach to information security. We are looking to add SOC 2 in the future, but we don’t have a date for this yet.
The Insights - managed Snowplow in your cloud - pipeline stack is pen tested regularly and performs very well. The only other assurance I can give is that our approach to the pipeline stack is mirrored in the trackers and we have an experienced, security conscious team working with them.
Sorry I’m not able to provide anything more formal at this time, @eromein.
Thanks you so much Stevecs. Appreciate your time!
If anything comes to mind later, please let me know I’ll keep monitoring the topic.