How to Comply
LaunchDarkly recently pursued SOC Type 2 compliance, which had a significant impact on its engineering operations and development teams. The process was made easier by the founding engineering team's experience and philosophy. The post recommends that businesses view certification criteria as benefits of good business practices rather than just a means to sell into certain customers or verticals. Key security principles include least privilege access, limiting data collection, using multi-factor authentication, planning for employee onboarding and offboarding, incorporating account context in logs, building for failure, keeping documentation up to date, and making security part of the company's foundation and culture.
Company
LaunchDarkly
Date published
Aug. 21, 2017
Author(s)
Adam Zimman
Word count
1437
Hacker News points
None found.
Language
English