Community Building Starts with Trust: Orbit SOC 2 Compliance

Trust is the foundation of community. Communities rely on the free flow and transfer of information to foster learning, growth, and mutual respect. If members don’t trust their personal data and information is safe, they may hesitate to participate in community activities or abandon the community entirely.

Community builders must intentionally build trust, and continuously re-earn trust over time to create the conditions for the community to flourish. This can look like establishing community moderation guidelines, mandating secure data access practices like single sign-on (SSO), and achieving compliance standards like SOC 2.

Orbit is SOC 2 Certified

To proactively build trust with our community of users, Orbit is pleased to announce we meet SOC 2 security compliance. Orbit’s control environment is tracked and maintained with the help of our partners at Kintent.

SOC 2 is a transparent way to verify that Orbit is continuously taking steps to prevent the spread of ransomware, data breaches, and other security threats.

As part of this certification, Orbit underwent a SOC 2 Type 1 attestation audit and is subsequently starting a Type 2 audit to prove ongoing compliance over the next year to ensure we are staying ahead of the latest security requirements.

🔐 Orbit users can request our SOC 2 audit reports at any time.

SOC 2 certifies organizations across five principles of trust: security, availability, confidentiality, processing integrity, and privacy.

While these terms are susceptible to hype and jargon, they do have very real meanings and distinctions. Let’s break them down in a clear and concise way:

• Security is the act of protection against unauthorized access, disclosure, and damage that can compromise a system’s privacy and integrity. Harm reduction measures like password protection and multi-factor authentication can help improve security.
  
  
• Availability is the operational uptime and performance of systems by ensuring measures are in place for disaster recovery, performance monitoring, and data backups. This means users will have a consistent experience wherever they are located.
  
  
• Confidentiality means that private information remains private unless granted explicit permission. This applies to all steps of the information life cycle from collection, processing, and disposal.
  
  
• Processing integrity ensures that information is processed in a consistent and reliable manner without unexplained errors.
  ‍
• ‍Privacy is the notion that someone can withhold information or details for comfort or safety. The user is in control of who is allowed to know certain information and who is not.

This SOC 2 compliance means Orbit satisfies these criteria, having put in place the system and organization controls necessary to ensure our customers' needs.

‍Five Orbit features that improve user and member security

As a community builder, it’s important to make sure you are always striving to improve member security–from user logins and conversations to the community data itself.

Orbit offers features and capabilities that make it easier to protect member information and build trust within your community. Here are a few of them:

Permission management

Permission management empowers you to securely share community data and reporting with your team. You’re in control of who has access to community data by adding, removing, or assigning a member as an owner of a workspace.

Identity blocking

Ensure compliance with user data standards. If a user requests that you do not capture their data, you can block member or activity creation for those specific usernames and email addresses. You can also use this feature to prevent spam accounts or irrelevant data from muddying community data.

‍Audit log

‍Stay on top of the latest security updates with the Orbit Audit Log. Under "Settings", we display a running list of changes made to your workspace, including security updates, workspace changes, integrations, and more.

Single Sign-On (SSO)

‍Streamline the log-in experience, reduce password fatigue, and enhance security at the same time. SSO makes it fast to log in to Orbit while making it easier to track user activity across profiles and minimize Shadow IT.

Multi-Factor Authentication (MFA)

‍Protect your user identity, prevent password fraud and improve ease of signing in. Get notified and verify every time you log in. If someone attempts to use your account without your knowledge, you’ll be notified right away. Verify your identity from multiple sources like phone calls, text messages, and personal email.

Best practices for building trust

Even with these measures and certifications in place, the responsibility for building trust within the community also lies with you, our platform users.

Here are some practices you can adopt when managing and interacting with your community through Orbit.

• Unique passwords: Make unique passwords for all your logins and change them regularly. It can be helpful to use a  manager to securely keep track of passwords across platforms. If you can, enable multi-factor authentication wherever you can- it’s shown to block over 99.9% of account compromise attacks.
  
  
• Reduce third-party integrations: Anytime you add an integration or software to your workspace, you make you and your community open to more vulnerabilities. Only integrate with platforms you trust and reduce the number of unnecessary integrations.
  
  
• Establish conduct standards: Outline expectations for community conduct with clear consequences should those standards be violated. This establishes trust among existing members and signals to new members that they are welcome and respected in your community.

‍

To learn more about SOC 2 compliance and what it means for you, we’ve compiled a list of resources for you:

• Orbit Audit Documentation
• Institute of Certified Public Accountants
• SOC for Service Organizations

‍Sign up for Orbit for free to learn more about the power of community.