Berkshire Grey Blog
Berkshire Grey and the Importance of SOC II Compliance
By Austin J. Richardson, Systems and Security Engineer
In a world where consumers are expecting deliveries faster, labor is in short supply, and information security is of ever-growing importance, ensuring that supply chain operations are physically and digitally resilient is a growing need for any company looking to outsource in these areas. In the case of robotic automation, information security goes beyond ensuring the operational efficiency of the robots; it also means ensuring that people, products, and other supporting infrastructure are safe from cyber-kinetic attacks.
There are many ways vendors can prove that their information security processes can be trusted. Many voluntary compliance standards exist to this end, with SOC II being one such standard. SOC II in particular is critical for evaluating potential B2B vendors, providing assurance that services provided by compliant vendors will be resilient and confidential.
In more detail, a SOC II audit focuses on the security, availability, processing integrity, and confidentiality of customer data. It evaluates the company’s systems, policies, and procedures to ensure they align with the industry’s best practices for data protection and operational resilience.
What This Means for our Customers
Berkshire Grey’s commitment to SOC II compliance involves many interlinked controls. Having attained SOC II compliance means that we’ve:
- Demonstrated our policies and approach for various emergency management scenarios, including business continuity, disaster recovery, and cybersecurity incident response
- Proven the security of our data stores, including encryption in transit, encryption at rest, and managed access to said data stores
- Demonstrated our controls for making changes to production environments, including the segregation of duties for involved personnel
- Provided evidence of systems to monitor our infrastructure and systems for malicious activity
- Provided reports on our vulnerability and patch management processes
- Provided evidence demonstrating that user access is managed and adheres to the principle of least privilege
- Demonstrated our process for managing third party risks
With these standards in place, customers can rest assured that the services provided are resilient enough to meet the rigorous needs of modern supply chain operations and secure enough that customers can be confident that their data is handled in accordance with industry standards. As Kyle Maroney, VP of Software Engineering, put it, “Completing the SOC II audit is a significant milestone that reinforces our dedication to meeting and exceeding industry standards, while delivering innovative solutions that empower businesses to optimize their operations.”
Compliance is a continuous process, and the robotics and artificial intelligence industries are undergoing a great deal of change. SOC II compliance means that we’ll be keeping up with technological advancements and monitoring the effectiveness of our compliance efforts as things change. It is a single step on our journey to revolutionize supply chain operations to be as fast and resilient as ever.