Keeping your data safe and secure is one of our highest priorities. We know how important it is that your info — and your content — is properly stored and protected. That’s why we’re excited to announce that Vimeo now has a SOC 2 Type 2 report.
With the ever-evolving landscape of security needs, we are committed to building upon the measures we employ to protect our creators. But what does this SOC 2 Type 2 report mean for Vimeo and, more importantly, for you? Let’s break it down.
What does SOC2 stand for?
SOC 2 stands for System and Organization Controls (SOC). It’s the second of three types of audits and reports designed to assess security at an organization.
What is an SOC2 Type 2 report?
Put simply, a SOC 2 Type 2 report is an internal controls report meant to capture how a company safeguards customer data, and assesses how well those controls are operating.
The report provides an independent assessment of Vimeo’s security and privacy control environment. It includes a description of the controls, the tests performed to assess them, the results of these tests, and an overall opinion on the design and operational effectiveness of those security efforts. Audits for the Vimeo SOC 2 Type 2 report will be performed annually.
What does our SOC 2 Type 2 Report mean for you?
This report means you can rest assured that the data you share with Vimeo meets the AICPA standards for security.* (That goes for your personal info, as well as the security needs of your videos.)
To learn more about what our SOC 2 Type 2 report means for you, you can reach out to your support representative. You can also check out the help center article on our SOC 2 Type 2 report for more info.
How does Vimeo’s SOC 2 report fit into our overall approach to security?
These policies and procedures ensure ongoing monitoring to maintain security across our organization. We will conduct ongoing reviews of products, features, and our development policies and procedures. At Vimeo, we want to ensure our approach to security is like anything else we do — iterative and collaborative.
Within the last year, our internal security team has grown substantially from a few individuals to an exceptionally dedicated team. This growth has allowed for the development of a world-class security program and successful completion of the SOC 2 Type 2 Report.
* Vimeo’s SOC 2 Type 2 Report covers the AICPA’s Trust Services Principle and Criteria of Security. The report also includes a mapping of the controls tested to ISO/IEC 27001:2013 Annex A / ISO/IEC 27002:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2014, HIPAA security requirements, and FFIEC’s examination guidelines for GLBA Information Security.
Olivia Fowora is a Compliance Manager at Vimeo on the Vimeo Security Team. She is building a team that focuses on information security, vendor management, security awareness, audit response, privacy, risk, governance and continuous monitoring activities.