ISO certification and beyond: How Coda ensures enterprise readiness

Learn about our new ISO certificates and all the ways Coda is equipped for the enterprise.

Khoi Pham

IT Lead at Coda

For the software world, the standards published by ISO (the International Organization for Standardization)—and the certifications they award for meeting them—are an important indicator of quality and reliability. That’s why we’re excited to share that Coda has obtained three new ISO certificates:
  • ISO/IEC 27001:2022—guidance for establishing, implementing, maintaining and continually improving an information security management system.
  • ISO/IEC 27017:2015—controls and implementation guidance for cloud service providers.
  • ISO/IEC 27018:2019—a code of practice for protection of personally identifiable information.
Coda is already trusted by enterprises like DoorDash and the New York Times thanks to our continuous commitment to high-standard security, risk, and compliance programs. Receiving these certificates is further proof of that commitment and Coda’s enterprise readiness.

What does “enterprise ready” mean?

Being enterprise ready means, at its simplest, having a product that can meet the needs of larger organizations. Due to the scale at which they operate—and the amount of data they use or generate—enterprises typically have more complex and specific needs than smaller businesses. This means not only does the product need to work for large teams, handle bigger volumes of data, and adapt to more complex business processes, it also needs to be reliable, secure, and compliant. That equals minimal downtime, adhering to recognized security standards, and complying with global privacy laws.

How Coda ensures enterprise readiness.

When you trust us with your data, we take that responsibility very seriously. Our security strategy at Coda is built upon well-established principles such as defense in depth, least privilege, and attack surface area reduction. The ISO certifications we’ve received recognize our commitment to maintaining and adhering to strict standards around information security, availability and data integrity, and data privacy—all of which are especially important for being enterprise ready. To ensure these standards are met, we continuously invest in measures both inside our product and in the processes we use to develop it. Our security investments are divided into two core areas: Coda’s internal security—application security, infrastructure security, and compliance—and Coda’s product security features, which our customers use to customize their own security settings within the product.
Here’s an overview of these measures, but for a full rundown, take a look at our security page or our security whitepaper. If you have specific security questions or needs, our team is always happy to chat.

Product security features.

Coda offers enterprise-grade product security features to give you more control, visibility, and flexibility. These include:
  • Authentication: Coda offers a wide range of authentication methods, including SSO with SAML 2.0, sign-in with Google, Microsoft, Apple, Magic links, and basic two-factor authentication. Enterprises can also customize authentication policies and provision/de-provision users through SCIM.
  • Access control: To ensure users only have access to what they need, Coda offers controls on docs, folders, Packs, and workspaces. Enterprises can set advanced sharing policies and govern user authentication, doc sharing, publishing, folder creation, data export, file uploads, and session duration.
  • Auditing: Coda provides detailed audit events to help enterprises with proactive security monitoring and forensic investigations. Easily view, filter, and search audit events with the in-product dashboard, or access audit logs for the past 12 months with Audit APIs.
  • Enterprise policies and dashboards: Enterprises can set policies to govern users, docs, and Packs, including authentication, external and inbound sharing, data exporting, and publishing. Advanced admin dashboards make it easy to manage workflows, such as managing members, auditing events, managing publicly shared docs, and more.
  • Advanced integration controls: Enterprises have full control over what data can be brought into Coda, who can bring it, and who can access it via third-party integrations. By employing Pack controls, teams can ensure that only authorized individuals are allowed to access that data within Coda docs.

Application security.

We’re committed to using processes, tooling, and practices that enable us to continuously design and develop secure software. Our Secure Development Lifecycle program is integrated into various phases of our software development process to continuously produce secure software. This includes annual security trainings, and threat modeling as an integral part of the design process. We also conduct annual penetration tests by reputed security research firms, and run a public bug bounty program through HackerOne.

Infrastructure security.

Coda is built from the ground up using AWS security best practices and well-established security principles, including defense in depth, least privilege, and attack surface area reduction. We follow AWS best practices for network security using services like AWS CloudFront, AWS WAF, AWS security groups, and VPCs. We also employ multi-factor authentication, RBAC, and just-in-time access for secure service management, plus log audit events and monitor all infrastructure layers for security threats.

Compliance.

Coda adheres to global privacy laws and security standards, with measures in place to help you meet your compliance obligations. This includes SOC 2 Type II attestation and full compliance with European General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) provisions. And, of course, our new ISO certifications as detailed above.

Is your enterprise ready?

Being enterprise ready is more than just checking the boxes. At Coda, we work to continuously improve and evolve our product and processes to meet the needs of our enterprise customers, so they can trust and use Coda for their daily work. If you’re ready to learn more, take a look at our security whitepaper or get in touch for a demo.
