We are proud to announce that we have successfully completed a SOC 2 Type II audit that includes the Concrete CMS Hosting platform as well as the open source Concrete CMS project.

PortlandLabs’ security policies, procedures and practices are now deemed SOC 2 compliant as established by the American Institute of CPAs (AICPA). It was a major achievement to get a first time SOC 2 Type 2 report with a full year reporting period!

We obtained SOC 2 so that our hosting customers can feel confident that we are committed to maintaining the highest level of security to protect the sites that they entrust us to host. 

We recognized the increased demands for supply chain transparency and getting SOC 2 Type 2 for both the Concrete CMS Hosting Platform and the Concrete CMS open source project proves that we care about both our customers and the Concrete CMS community.

As PortlandLabs’ Concrete CMS Hosting becomes increasingly popular and as supply chain security is increasingly under a microscope, independently validating PortlandLabs’ security claims just made good sense. Getting SOC 2 also was a great way to display PortlandLabs and Concrete CMS’ ongoing commitment to security and privacy. The audit, completed by A-lign, confirms internal controls designed and implemented by PortlandLabs meet the requirements of the AICPA Security Trust Principle in alignment with the COSO Principles and Trust Services Criteria for Security. 

“We’ve learned so much over the years about how to safely and securely manage a web presence,” said Franz Maruna, Founder and CEO of PortlandLabs.  “We obtained SOC 2 so that our customers can feel confident that we are committed to maintaining the highest level of security to protect their sites that they entrust us to host.” 

The SOC 2 report, available to all existing and potential customers, provides transparent visibility of the security controls in place to protect Concrete CMS hosting clients. Users of the open source Concrete CMS can rest easy that Concrete CMS is both ISO 27001 certified and SOC 2 compliant upon download.

PortlandLabs is also compliant with the controls for FedRAMP Moderate, DoD Impact Level 2, ISO 27001, HIPAA, HITECH, COPPA, GDPR, CCPA and PIPEDA. 

To request a copy of the SOC 2 report simply ask below: