SOC reports are independent, third-party reports on an organization’s procedures around security, availability, processing integrity, confidentiality, and privacy.

SOC 2 reports are based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) existing Trust Services Criteria (TSC).

TestRail maintains compliance with SOC 2 auditing procedures and has received a SOC 2 Type 1 certification. To produce the SOC 2 report, all of TestRail’s control, security, and risk management processes are reviewed by an independent third-party auditing firm, including but not limited to:

• 24/7 Proactive Monitoring: All our systems are continuously monitored for security, availability, and performance

• SSL/HTTPS Encryption: Communication with our servers is securely encrypted using SSL, HTTPS, and TLS

• Automatic Updates: Benefit from complete maintenance with an automated system and application updates

• Professional Data Centers: We exclusively use leading data center providers with excellent physical security controls

• System & Data Backups: All our systems are regularly backed up for disaster recovery and system outages

• Data Protection: We are bound to very strict German and European data protection laws

• High Availability: Full redundancy of all important systems and world-class data connectivity

• Database Isolation: Separation of customer data with database-level isolation and access permissions

• Access Permissions: Fine-grained access control via system permissions, roles, and network addresses

To learn more about TestRail’s security processes or for other compliance-related information, visit our Policies & Procedures page.