Earlier today, a report surfaced raising concerns about Delve, a compliance automation platform we've used as part of our SOC 2 program. We want to be straightforward about what this means for Wispr and what we're doing about it.
What happened
Delve is under scrutiny for allegedly producing SOC 2 reports without properly verifying that customers' security controls were in place. We became aware of the report this morning and immediately launched a comprehensive internal audit.
Where we stand
Our security controls were built and implemented independently of Delve. MFA, SSO, MDM, endpoint detection, encrypted backups, role-based access, data encryption, vulnerability scanning, audit logging, and security awareness training all exist in our infrastructure today. The question raised by this report is whether Delve properly verified that implementation, not whether the controls themselves exist.
Our previous SOC 2 audit was performed by Accorp, an audit firm peer-reviewed by the AICPA. Our current auditor is Aprio, a top-25 US accounting firm.
We've spent the day confirming that our controls are operating as documented. Where we've found gaps between policy and implementation, remediation is already underway.
What we're doing next
We've engaged a new compliance automation platform and will be conducting a fresh, independent audit of our entire compliance program. Our goal is to ensure that every claim we make about our security posture is independently verified, with no ambiguity.
If you have questions
We'd rather over-communicate than leave anyone guessing. If you're a customer or partner and want to discuss this in more detail, reach out to security@wispr.ai and we'll answer any questions.
Our commitment
Security isn't a feature. It's the foundation.
