This week we have two big announcements to make as we get ready for the next phase of June's growth.

We're a small scrappy team of passionate product builders, but we're also a company that's growing fast. So today we're happy to announce two big milestones that show how much we're maturing as a company.

First, we're excited to announce that we've completed our SOC 2 Type II audit. This is a big deal for us because it means we've been able to prove to our customers that we take security seriously.

SOC 2 Type II audit

After 9 months of hard work we successfully completed our SOC 2 Type II audit.

Security has always been a top priority at June. We have focused on making all aspects of the service secure, including product design, server architecture, and employee access. Now, automated monitoring through Secureframe and formal policies allow us to stay up to date on our security at all times.

For customers that wish to receive a copy of the report, please email security@june.so.

What is SOC 2?

SOC 2 stands for Service Organization Control 2. It is a set of standard rules and guidelines for companies to be secure.

There are two types of SOC 2 audits:

• SOC 2 Type I: This report tells you that the company has the right security controls in place. It does not tell you if the company is actually following those controls.
• SOC 2 Type II: This report tells you that the company has the right security controls in place and that they are actually following those controls as verified by an independent auditor.

So in our case when we started receiving requests for SOC 2 reports we decided to go for the Type II audit directly. This is because the way we see it a Type I report is not very useful to assess that a company takes security seriously.

The interesting thing about SOC 2 for someone that is not a security expert is that it's not that much about the technology. It's more about the processes and policies that a company has in place.

For instance making sure that every 3 months a security meeting is held with an agenda of items to review. Or making sure that every time a new employee is hired they have to go through a security training.

How long did it take?

We started our process in June 2022 as something we were doing in the background. As a first step we audited all of our infrastructure and security controls. We then started making changes to the way we encrypt data and how we handle access to our systems.

Once we knew we had the right controls in place we started the actual audit, which took 3 months. The way the audit works is that you want to set policies and observe them for a period of time. This is because you want to make sure that the policies you have in place are actually followed by your employees.

For companies approaching their first audit, we think starting with a 3 month observation period is a good idea.

This way you get your report in a quarter and get comfortable with the process. As you grow as a company you then start increasing the observation period to 6 months and then 12 months.

The other important thing in these audits besides getting the right type of audit is to make sure you have the right partner.

As a small startup you'll start with a smaller firm that understands SaaS businesses and startups. In our case Modern Assurance was very helpful and understanding of our business and infrastructure.

They understood very well how automated compliance software works and only asked manual questions of things that can't be covered by software.

As companies grow they start having demanding customers that expect these audits to be done by Big 4 firms. That being said unless you're a unicorn or a public company we don't think it's worth it to spend the extra money on a Big 4 audit.

What are the benefits of a SOC 2 audit?

The main benefit of a SOC 2 audit is that it gives you a lot of credibility with your customers. It also gives you a lot of credibility with investors and other stakeholders.

For a data company like us it's also important because it shows our commitment to security as a priority with something that is very tangible.

How much does it cost?

The cost of a SOC 2 audit depends on the size of your company. For us it was in the $10-20k range. The way the cost was split up was based on the software cost (Secureframe) and the audit cost.

There are currently a lot of software vendors that are trying to make this process easier. This means you can negotiate a lower price for the software you use to automate parts of the audit.

For the audit itself every auditing software company (Secureframe, Vanta, Drata etc..) uses the same auditors that charge the same price.

What else do you need to do to be secure?

In our experience a SOC 2 Type II audit is a good way to set industry standards for your security. However, it's not the only thing you need to do to be secure.

What we think also had a big impact is having an external penetration test done by a company like On Security. We did this before getting our SOC 2 audit and it was very helpful in verifying if there were any holes in our security.

Having a team of penetration testers actually try to break into your systems is as important as having the right company processes in place.

Our new logo

We want to be the analytics company that is known for its product and design. So we care a lot about how we present ourselves to the world.

We've been working on a new logo for the past few months and we're excited to share it with you today.

But before we get into the details of the new logo, we want to share a bit of the thinking behind it.

Why a new logo?

The first reason is inspirational. June has grown a lot since we started. It is not anymore just the simple product analytics for startups. It has evolved into a fully fledged product analytics for B2B SaaS. That helps them activate and retain accounts as they scale. The second reason is technical. Over the past 2 years we learned that a great logo actually needs to follow some rules. In particular 3 rules:

1. A logo should be immediately recognizable
2. A logo should be readable
3. A logo should fit well on any marketing materials

We noticed many times that our logo didn’t respect these rules.

So a few weeks ago we decided to partner with an expert to revamp it!

After meeting a few designers we decided to partner with Jord. We love Jord’s craftsmanship. It matches our belief that bringing great things to the world requires sweat and passion.

Enzo wrote a full blog post about the process and the thinking behind it. We also shared a some of the design and sketches that got us to the final logo.

Other improvements

• We introduced the same reports we added to companies last week to audience pages. This way we automatically generate reports for your audiences too, like "paying users" or "users that have been active in the last 30 days".
• We added a weekly and monthly view to the explorer report. This way when you're looking at long periods of time, you can get a better sense of how frequently certain events happen.
• We introduced a self-serve flow to request workspace deletion. You can now verify you stopped sending data to June and delete your workspace from the June dashboard. This is a great way to make sure you delete all your data from June in case you don't need it anymore 😢