
Draftable, as part of the Affinda Group, is pleased to announce that our Information Security Management System (ISMS) has been independently assessed as compliant with the SOC 2 framework. In addition, our existing ISO 27001 certification has been uplifted to the 2022 revision of the global information security standard. These dual milestones reflect our ongoing investment in robust information security.
The certifications
SOC 2 is an assurance framework for service providers that handle customer data. A SOC 2 Type 1 report is issued by an independent auditor after a point-in-time review of a company’s controls, confirming they are suitably designed to safeguard customer data and service availability as per the SOC 2 Trust Services Criteria for security and availability.
ISO 27001:2022 is an international standard for the management of information security. For a company to be certified, an accredited external auditor reviews how it manages security risks – from its documented policies through to its technical controls – and confirms that its information security management system meets the requirements of the standard. Draftable is now certified against the latest 2022 version of the ISO 27001 standard.
What this means in practice
For our customers, these certifications provide additional confidence when putting their documents and data in our hands. An independent auditor has taken a close look at how we operate, from our policies to our technical controls, and confirmed that we’re doing the right things to keep your information safe and our services reliable and resilient. Put simply, we’ve invested heavily in strong, modern security practices so you can focus on your work, knowing Draftable is protecting your data behind the scenes.
What’s next
Draftable is currently undergoing SOC 2 Type 2 certification to provide our customers with further assurance of our information security standards and capabilities.
You can download our ISO 27001 certificate of compliance and SOC 2 Type 1 attestation here, along with supporting policies and documentation. We also maintain a consolidated repository of all security‑related information and policies to enable a quick assessment of our security posture and simplify the due diligence process for our customers.


