ISO certification and beyond: How Coda ensures enterprise readiness
Learn about our new ISO certificates and all the ways Coda is equipped for the enterprise.
Khoi Pham
IT Lead at Coda
- ISO/IEC 27001:2022—guidance for establishing, implementing, maintaining and continually improving an information security management system.
- ISO/IEC 27017:2015—controls and implementation guidance for cloud service providers.
- ISO/IEC 27018:2019—a code of practice for protection of personally identifiable information.
What does “enterprise ready” mean?
Being enterprise ready means, at its simplest, having a product that can meet the needs of larger organizations. Due to the scale at which they operate—and the amount of data they use or generate—enterprises typically have more complex and specific needs than smaller businesses. This means not only does the product need to work for large teams, handle bigger volumes of data, and adapt to more complex business processes, it also needs to be reliable, secure, and compliant. That equals minimal downtime, adhering to recognized security standards, and complying with global privacy laws.
How Coda ensures enterprise readiness
When you trust us with your data, we take that responsibility very seriously. Our security strategy at Coda is built upon well-established principles such as defense in depth, least privilege, and attack surface area reduction. The ISO certifications we’ve received recognize our commitment to maintaining and adhering to strict standards around information security, availability and data integrity, and data privacy—all of which are especially important for being enterprise ready. To ensure these standards are met, we continuously invest in measures both inside our product and in the processes we use to develop it. Our security investments are divided into two core areas: Coda’s internal security—application security, infrastructure security, and compliance—and Coda’s product security features, which our customers use to customize their own security settings within the product.
Product security features
Coda offers enterprise-grade product security features to give you more control, visibility, and flexibility. These include:
- Authentication: Coda offers a wide range of authentication methods, including SSO with SAML 2.0, sign-in with Google, Microsoft, Apple, Magic links, and basic two-factor authentication. Enterprises can also customize authentication policies and provision/de-provision users through SCIM.
- Access control: To ensure users only have access to what they need, Coda offers controls on docs, folders, Packs, and workspaces. Enterprises can set advanced sharing policies and govern user authentication, doc sharing, publishing, folder creation, data export, file uploads, and session duration.
- Auditing: Coda provides detailed audit events to help enterprises with proactive security monitoring and forensic investigations. Easily view, filter, and search audit events with the in-product dashboard, or access audit logs for the past 12 months with Audit APIs.
- Enterprise policies and dashboards: Enterprises can set policies to govern users, docs, and Packs, including authentication, external and inbound sharing, data exporting, and publishing. Advanced admin dashboards make it easy to manage workflows, such as managing members, auditing events, managing publicly shared docs, and more.
- Advanced integration controls: Enterprises have full control over what data can be brought into Coda, who can bring it, and who can access it via third-party integrations. By employing Pack controls, teams can ensure that only authorized individuals are allowed to access that data within Coda docs.