Rippling and its affiliates do not provide tax, accounting, or legal advice. This material has been prepared for informational purposes only, and is not intended to provide or be relied on for tax, accounting, or legal advice. You should consult your own tax, accounting, and legal advisors before engaging in any related activities or transactions.
Rippling IT achieves “gold standard” SOC 2 type II security certification
But we had another motive: To discover how we could use our own product to simplify the process.
After all, Rippling is an always-up-to-date source of truth for all your employee data, and Rippling IT is a powerful platform that can help automate identity and access management, multiple device management, and inventory management.
Many of the internal controls SOC 2 requires involve both HR and IT, so we used this opportunity to be the guinea pig and test how useful Rippling actually is for this use case.
How Rippling IT simplifies SOC 2 compliance
We were thrilled to find that Rippling IT takes a lot of the pain out of the SOC 2 process by automating data collection and policy compliance in many instances. Accessing the unified employee system of record through Rippling’s workforce management solution (or third-party HR tools) made it much easier to demonstrate compliance with security controls.
For example, companies may want to show that when an employee is terminated, all of their access to company systems is also terminated immediately. This is an important security safeguard, yet one study found 89% of former employees retain access to at least one of their former employer’s systems after they leave.
Fortunately, Rippling IT not only tracks dates of employment and what tools workers had access to; it also automatically disables employee access to all software when they’re terminated and allows admins to remotely wipe their laptops. Our Custom Reports tool makes it easy to document that this protocol was followed in just a few clicks.
Here are some of the ways we used Rippling IT during SOC 2:
HR
Automated employee account creation and deletion in our onboarding and offboarding procedures
Automated background checks as part of the hiring flow
Automated evidence collection for new hire population, terminated employee population, account creation/deletion dates, and more
Security and provisioning
Enforced a strong password policy and 2FA settings within Rippling
Used Rippling SSO/SAML to securely access all critical third-party applications and infrastructure
Hardware
Provided an up-to-date inventory of all employee laptops, including information on hardware, OS, antivirus software, and the status of security patches
The SOC 2 process was a great learning experience for us. Now that we know what our product can do, we’re eager to support customers going through their own security certification audits.
Ultimately, we want Rippling to enable one-click SOC 2 compliance.
Author
Alberto Martinez
Lead Security Engineer