Arnica logo

Arnica achieves SOC2 Type 2 & ISO27001 compliance

Arnica has achieved SOC2 Type 2 and ISO27001 compliance in order to provide customers and users with 3rd party validation of our data handling approach and security posture.

Customer driven

Arnica is built with the primary purpose of securing our customers’ development environments, including tier 1 application services such as Source Code Management (SCM) tools (like GitHub and Azure DevOps) and Continuous Integration / Continuous Delivery (CI/CD) pipelines. As organizations implement a secure Software Development Lifecycle (SDLC), the tools they use – like Arnica – need to proactively demonstrate that they will be effective security partners. To that end we at Arnica felt, even at our early stage, that it is critical that we implement, maintain, and validate the highest possible standards for our data handling architecture, Information Security Management System (ISMS), and Application Security program by attaining our SOC2 Type 2 and ISO27001 certifications.  

3rd party validated

While Arnica is an organization of tenured security professionals, we felt it was imperative that we evaluate our security posture and processes using effective 3rd party auditing. Arnica partnered with Prescient Security, one of the preeminent security and compliance auditing agencies, to conduct a thorough 3rd party evaluation of our security posture and Information Security Management System (ISMS) against SOC2 and ISO27001 compliance requirements before and during the observation window for both SOC2 and ISO27001.  

Compliance learnings (and the future of Arnica)

In parallel to our own compliance audit process, we have been working diligently to understand the compliance challenges associated with implementing an effective software supply chain security posture. We are eager to incorporate our learnings to provide security professionals with continuous compliance tools and compliance reporting to make security and compliance easier for AppSec & DevSecOps professionals.  

Please contact if you would like to receive a copy of our SOC2 Type 2 report as part of an evaluation of Arnica’s software supply chain security solution.  

About Arnica

Enterprises today are faced with the need to harden their DevOps ecosystem to combat the proliferation of Software Supply Chain Attacks. These organizations are faced with the growing challenge of balancing development velocity, cost efficiency, and security.

Managing excessive developer permissions and identifying corresponding anomalous behavior are two obstacles in the way of establishing this equilibrium. Arnica was established to solve these obstacles by providing a seamless and frictionless active mitigation platform for exactly these issues and more. Arnica is the easy button for DevOps security.

Arnica analyzes excessive permissions, code risks and misconfigurations across the developer toolset and mitigates them.

Contact Arnica Press Team