January 28, 2021

Descript is Now SOC 2 Type I Compliant

Since Descript was founded, we’ve treated the security, confidentiality, and privacy of our users’ data with the utmost care. We know that the data our users share with us ranges from the personal to the proprietary, and we take our responsibility to protect that data very seriously.
January 28, 2021

Descript is Now SOC 2 Type I Compliant

Since Descript was founded, we’ve treated the security, confidentiality, and privacy of our users’ data with the utmost care. We know that the data our users share with us ranges from the personal to the proprietary, and we take our responsibility to protect that data very seriously.
January 28, 2021
Chris Zaldúa
In this article
Start editing audio & video
This makes the editing process so much faster. I wish I knew about Descript a year ago.
Matt D., Copywriter
Sign up

What type of content do you primarily create?

Videos
Podcasts
Social media clips
Transcriptions
Start editing audio & video
This makes the editing process so much faster. I wish I knew about Descript a year ago.
Matt D., Copywriter
Sign up

What type of content do you primarily create?

Videos
Podcasts
Social media clips
Transcriptions

Since Descript was founded, we’ve treated the security, confidentiality, and privacy of our users’ data with the utmost care. We know that the data our users share with us ranges from the personal to the proprietary, and we take our responsibility to protect that data very seriously.  

Today, we’re proud to announce that we are SOC 2 Type I compliant, and we expect to be SOC 2 Type II compliant in 2021. That means that the integrity of the systems we have in place to protect our users’ data has been verified by an independent auditor, and we will continue to conduct these audits regularly.

“Descript’s systems and security are trusted by companies such as The New York Times, HubSpot, NPR, and Al Jazeera,” says Jay LeBoeuf, Descript’s Head of Business Development. “Our SOC 2 certification and Single Sign-On (SSO) support now allows Enterprise clients to rapidly integrate Descript into their existing teams and workflows.”

What is SOC 2 compliance, and why does it matter?

SOC stands for Systems and Organizations Controls, and it refers to a series of reports produced and administered by the American Institute of Certified Public Accountants (AICPA) during an audit of an organization like Descript. SOC 2 specifically covers controls relevant to security, availability, processing integrity, confidentiality, and privacy. Together, these overlapping concerns ensure your data is adequately protected within the organizations you share it with.

“The privacy, confidentiality, and security of our users’ data has been a top priority for us since day one, and a lot of the work that we’ve done over the past year to achieve SOC 2 compliance has been formalizing internal policies and automating security controls to help us scale this culture as we grow the company,” says Sunny Rochiramani, Vice President of Engineering at Descript.

SOC 2 Type I confirms compliance at a specific point in time: In Descript’s case, December 15, 2020. SOC 2 Type II confirms continued compliance six months after Type I, and we expect to certify this compliance later in 2021.

What steps were involved in achieving SOC 2 compliance?

Because of the work we had already done to protect our users’ privacy and the security of their data, attaining SOC 2 Type I compliance was primarily about codifying policies already in place and automating security reviews.

Some of the work we did to earn SOC 2 Type I compliance was:

  • Ensuring secure credentials for Descript team members, including generating cryptographically secure passwords for all team members with a company-wide password manager, encrypting team members’ hard drives, and requiring two-factor authorization for any team member with access to critical infrastructure services
  • Partnering with Vanta to provide continuous monitoring of SOC 2 required controls, cutting down our overhead incurred to ensure we stay compliant over time
  • Reviewing and codifying our policies to protect user data, which includes requiring users’ explicit permission to allow Descript team members to access their data for the purpose of customer service, and logging requests to access user data on our servers for future audits
  • Enforcing infrastructure security, including third-party security reviews on application code and automating our monitoring and alert systems

Where can I read more about the systems and policies in place to protect user data?

For detailed information, visit our Security and Confidentiality page, which contains an overview of Descript’s data security and confidentiality systems. In a nutshell: Your Project data — the files you upload to Descript, the transcripts of those files, and other associated metadata — are confidential, even from Descript, and if you delete your data, we permanently delete it from our servers.

Our Privacy Policy explains in full how we collect information from our users, how we use that information, and how we disclose that information. Our Terms of Service governs use of and access to Descript’s audio editing and transcription tools.

Where can I obtain a copy of Descript’s SOC 2 report?

Our SOC 2 report is only available to our Enterprise clients. Please visit our Pricing page to discover the features of Descript Enterprise accounts, and contact us to learn more about becoming an Enterprise client.

Chris Zaldúa
Former marketing writer at Descript. Covers interesting customer stories, product releases, and new ways to utilize Descript to create podcast and video content.
Share this article
Start creating—for free
Sign up
Join millions of others creating with Descript

Descript is Now SOC 2 Type I Compliant

Since Descript was founded, we’ve treated the security, confidentiality, and privacy of our users’ data with the utmost care. We know that the data our users share with us ranges from the personal to the proprietary, and we take our responsibility to protect that data very seriously.  

Today, we’re proud to announce that we are SOC 2 Type I compliant, and we expect to be SOC 2 Type II compliant in 2021. That means that the integrity of the systems we have in place to protect our users’ data has been verified by an independent auditor, and we will continue to conduct these audits regularly.

“Descript’s systems and security are trusted by companies such as The New York Times, HubSpot, NPR, and Al Jazeera,” says Jay LeBoeuf, Descript’s Head of Business Development. “Our SOC 2 certification and Single Sign-On (SSO) support now allows Enterprise clients to rapidly integrate Descript into their existing teams and workflows.”

What is SOC 2 compliance, and why does it matter?

SOC stands for Systems and Organizations Controls, and it refers to a series of reports produced and administered by the American Institute of Certified Public Accountants (AICPA) during an audit of an organization like Descript. SOC 2 specifically covers controls relevant to security, availability, processing integrity, confidentiality, and privacy. Together, these overlapping concerns ensure your data is adequately protected within the organizations you share it with.

“The privacy, confidentiality, and security of our users’ data has been a top priority for us since day one, and a lot of the work that we’ve done over the past year to achieve SOC 2 compliance has been formalizing internal policies and automating security controls to help us scale this culture as we grow the company,” says Sunny Rochiramani, Vice President of Engineering at Descript.

SOC 2 Type I confirms compliance at a specific point in time: In Descript’s case, December 15, 2020. SOC 2 Type II confirms continued compliance six months after Type I, and we expect to certify this compliance later in 2021.

What steps were involved in achieving SOC 2 compliance?

Because of the work we had already done to protect our users’ privacy and the security of their data, attaining SOC 2 Type I compliance was primarily about codifying policies already in place and automating security reviews.

Some of the work we did to earn SOC 2 Type I compliance was:

  • Ensuring secure credentials for Descript team members, including generating cryptographically secure passwords for all team members with a company-wide password manager, encrypting team members’ hard drives, and requiring two-factor authorization for any team member with access to critical infrastructure services
  • Partnering with Vanta to provide continuous monitoring of SOC 2 required controls, cutting down our overhead incurred to ensure we stay compliant over time
  • Reviewing and codifying our policies to protect user data, which includes requiring users’ explicit permission to allow Descript team members to access their data for the purpose of customer service, and logging requests to access user data on our servers for future audits
  • Enforcing infrastructure security, including third-party security reviews on application code and automating our monitoring and alert systems

Where can I read more about the systems and policies in place to protect user data?

For detailed information, visit our Security and Confidentiality page, which contains an overview of Descript’s data security and confidentiality systems. In a nutshell: Your Project data — the files you upload to Descript, the transcripts of those files, and other associated metadata — are confidential, even from Descript, and if you delete your data, we permanently delete it from our servers.

Our Privacy Policy explains in full how we collect information from our users, how we use that information, and how we disclose that information. Our Terms of Service governs use of and access to Descript’s audio editing and transcription tools.

Where can I obtain a copy of Descript’s SOC 2 report?

Our SOC 2 report is only available to our Enterprise clients. Please visit our Pricing page to discover the features of Descript Enterprise accounts, and contact us to learn more about becoming an Enterprise client.

Featured articles:

No items found.

Articles you might find interesting

Podcasting

How to start a podcast: A step-by-step beginner’s guide

Starting a podcast is no small feat. This beginner’s guide walks you through the process of creating a podcast your audience loves.

Product Updates

How to Make Training Videos To Share Knowledge & Connect with Customers

Want to know how to make training videos? Here are some tips on what they’re best for, along with some advice on making your own.

Podcasting

The 10 most important podcast metrics to improve your show

Having hard data on your listeners’ habits can give you a sense of what’s working and what’s not. Here are the podcast metrics to look out for.

Related articles:

Share this article

Get started for free →