Gitea's Journey towards SOC 2 Compliance

At Gitea, we understand the value that trust plays in any partnership, particularly when it involves managing and protecting valuable digital assets. As part of our ongoing commitment to uphold the highest security and confidentiality standards, we are proud to announce that Gitea is on its way to obtaining SOC 2 (Service Organization Control 2) certification.

What is SOC 2 Compliance?

SOC 2 is a universally recognized auditing standard developed by the American Institute of CPAs (AICPA). It is specifically designed for service providers storing customer data in the cloud. SOC 2 certification assures that services are securely managed to protect the interests and privacy of clients and their data.

SOC 2 reports focus on five trust service principles:

  • Security: Protection against unauthorized access (both physical and logical).
  • Availability: Systems are available for operation and use as agreed.
  • Processing Integrity: System processing is complete, accurate, timely, and authorized.
  • Confidentiality: Information designated as confidential is adequately protected.
  • Privacy: Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the privacy notice.

Our Commitment

Our decision to become SOC 2 compliant is an indication of our continuous effort to instill confidence and provide our valued users with a secure, reliable platform. This certification will validate that we have established effective controls surrounding the security, availability, and processing integrity of the systems we use to process users' data and the confidentiality and privacy of the information processed by these systems.

The Path to Compliance

To achieve SOC 2 compliance, we are undergoing a thorough evaluation guided by external auditors. This process validates the design and operating effectiveness of our policies, communications, procedures, and monitoring in the areas of security, availability, processing integrity, confidentiality, and privacy related to our platform.

What This Means For Our Users

When our SOC 2 certification process is complete, users can be assured of two key points:

  1. Data Security and Privacy Assurance: Your data is managed according to rigorous security standards, and privacy is given the highest priority.
  2. Trust and Transparency: Our processes and controls are continually audited by an independent third party to verify Gitea's commitment to maintaining a resilient, reliable service.

We eagerly anticipate finalizing this certification and strengthening the ties of trust and security we have with all members of the Gitea community. Thank you for your trust and support as we embark on this journey toward SOC 2 compliance.