We're SOC 2 compliant — Here’s why that matters for you
Laurel’s vision is to organize the world’s work. While our first act is measuring time, our data will eventually empower workers to spend their time only on what matters.
That vision, however, is predicated on protecting your most important asset. That’s why security, ethics, and data privacy have been a part of our DNA since our founding. In fact, we wrote down our ethical positioning before we ever wrote a line of code:
Today, and many lines of code later, we are proud to announce that we have received our SOC 2 Type 1 report (you can check out the official press release here). The audit affirms our practices, policies, procedures, and operations all meet the SOC 2 standards for security, availability, and confidentiality. A lot of words that translate to: we now have external validation of what we’ve been doing internally since Day 1.
What's in the report?
The report confirms that Laurel met the highest industry standards when it comes to keeping information safe. The audit was conducted by Barr Advisory, a leading professional services firm, and the report includes detailed explanations of our:
- Strong authentication controls and limited access to data. We enforce computer controls with JumpCloud and limit access to customer data to those who need it to do their job. Any access to customer data is time-bound, logged, and monitored for appropriateness.
- Continuous controls monitoring and incident response. We do ongoing compliance monitoring to ensure that the key configurations our controls rely upon are in place, and that we're able to quickly respond to any issues that may arise.
- Employee security awareness. We run background checks prior to hiring and provide security training for all employees during onboarding and on an ongoing basis.
(If you’d like to see even more detail on our security protocols, look here).
SOC 2 Type 1 is just a moment in time — we are currently in the Type 2 phase and will share that report with you in the second half of this year.
The People Behind the SOC
None of this would have been possible without four critical members of the Laurel team.
- Eric Etherington, our CISO, who previously led security at Dolby Laboratories and Notion
- Suhel Ahmed, our VP of Engineering, who led his previous company Iterable through their SOC certification
- Nat Welch, our Head of Infrastructure, who went from organizing the world’s information at Google to organizing the world’s work at Laurel
- Chris Ramos, our General Counsel, who came to Laurel from Paul Hastings and Greenberg Traurig
This SOC 2 report is for them and our customers. We want to make it easier than ever for any law, accounting, or consulting firm to outsource timekeeping to machines. And while AI has dominated the news cycle lately, we have been working on applying AI to timesheets for the past half-decade. So if you've been wanting to use Laurel at your organization, the time is now.
If you're a Laurel customer and want to learn more, reach out to your Account Manager to see our full SOC 2 Type 1 report.
And if you're thinking about potentially bringing Laurel into your organization, you can contact sales here and mention you're interested in receiving a copy.