
Crisp compliance status with SOC2

Learn how Crisp security practices map to the main SOC 2 trust service principles.


SOC 2 is an audit framework used to evaluate how a service organization manages customer data across security, availability, processing integrity, confidentiality, and privacy. This article is a practical overview, not a SOC 2 audit report or certificate.



Important clarification


Crisp takes security seriously and documents its practices publicly, but this article should not be presented as a formal SOC 2 certification. If your procurement process requires signed compliance documents, audit reports, or contractual commitments, contact Crisp directly so the right materials can be shared.


Do not use this article as a substitute for legal, procurement, or security review. It is meant to help teams understand the areas that are commonly reviewed in SOC 2 assessments.



What SOC 2 evaluates


SOC 2 reports are issued by independent auditors. They assess controls against one or more trust service principles, depending on the scope selected by the organization.


SOC 2 trust service principles overview


The five common trust service principles are:

  • Security → protection against unauthorized access and misuse
  • Availability → system availability and operational resilience
  • Processing integrity → accurate, complete, and authorized processing
  • Confidentiality → protection of restricted information
  • Privacy → collection, use, retention, and disposal of personal data



How Crisp approaches these areas


Security


Crisp provides security features such as Two-Factor Authentication and developer-side safeguards like user identity verification for the chatbox. You can review broader infrastructure and application security practices in the Security Practices documentation.


Availability


Crisp publishes service status and incident information on the Crisp Status Page. For contractual availability requirements, review your Crisp agreement or contact Crisp directly.


Processing integrity


Teams should configure Crisp workflows, integrations, and API usage carefully so customer data is processed for the intended support and messaging purposes. For developer integrations, use the official REST API and SDK documentation as implementation references.


Confidentiality


Confidentiality depends on both Crisp security controls and your own workspace configuration. Use strong authentication, least-privilege access, secure API token storage, and documented internal procedures for handling customer information.


Privacy


Crisp provides GDPR-related resources and data processing information for customers operating under EU privacy requirements. Read Crisp EU GDPR compliance status for the dedicated privacy article.



Useful security resources


For deeper review, start with these resources:


Updated on: 03/05/2026
