Security Standards for CAD & PDM: What is SOC 2 Compliance and Why Does It Matter?

Let’s explain by pulling back the curtain on one aspect of the Onshape team’s security and compliance process: The SOC 2 Type II (sometimes called SOC 2 Type 2) audit.

What’s the SOC 2 Type II? 

A SOC 2 Type II (Systems and Organization Controls) report summarizes the findings of an independent auditor who assesses a company and its products on well-defined criteria in the areas of security, availability, and confidentiality.

The audit certifies compliance with the American Institute of Certified Public Accountants (AICPA) SOC 2 Trust Services Criteria requirements and delves into security policies, communication protocols, software design, data access controls, risk mitigation strategies, and more.

Considered the gold standard, you should request that your CAD and PDM vendor provide you with a copy of their annual SOC 2 report, which details how they met expectations for well-designed internal controls and how those controls were consistently followed throughout the year.

Why Does the SOC 2 Type II Matter?

In short, the SOC 2 Type II report means Onshape users can be confident that their IP and sensitive data are secure. 

“We are proud to share that Onshape has completed our SOC 2 Type II audit for the sixth consecutive year and has received a clean report with zero exceptions,” said Onshape Technical Operations Vice President John Rousseau. “This confirms that our internal controls around security, availability, and confidentiality are operating consistently and effectively. This assures our customers that we deliver on the responsibility we have to keep customer data safe, private, and available. Security is part of the Onshape culture and the vigilance of everyone on the team contributes to keeping customer data safe.” 

The Onshape team at PTC aims to build trusted partnerships by being transparent with engineers, IT professionals, and business leaders about security. You can request a copy of the Onshape SOC 2 Type II report here. Be sure to select “Onshape” under “Report Domain.” An NDA (non-disclosure agreement) is required to access the report.

Onshape’s Multi-Layered Security

With a SOC 2 Type II compliant platform like Onshape, your IP is safeguarded through a multi-layered shared responsibility approach to security:

The Application Layer: Onshape has an elite in-house security team dedicated to hardening its CAD application. This includes stringent data encryption in motion and at rest, granular access controls, constant monitoring, tested disaster recovery processes, and more. Security is a fundamental part of Onshape’s platform, just like its parametric 3D modeling features.

The Infrastructure Layer: Onshape leverages Amazon Web Services (AWS) industry-leading secure cloud computing infrastructure. AWS meets the highest global security certifications, like  SOC 2, ISO 27001, and NIST 800-53. It has designed its platform for maximum durability through robust physical security controls, disaster recovery processes, and advanced risk mitigation capabilities.

With Onshape running on AWS, you can be confident that your product data resides in a world-class environment purpose-built for security and availability. This shared responsibility model ensures that your IP is locked down across redundant layers of hardened application-level and infrastructure-level protections and is monitored continuously.

Contrast this multi-layered approach with legacy CAD setups that are often a house of cards when it comes to locking down data. Think about all the potential risks:

• Design files scattered across shared network drives, personal machines, and emails.

• No global view of who is accessing what data, when, or from where. 

• Physical security risks of lost/stolen laptops with sensitive data.

It’s a different story with cloud-native Onshape, which keeps your data safe and gives you full visibility and control over access.

High Satisfaction with Onshape Security

Not only is Onshape more secure, but its security features are also easier to use and are appreciated by CAD professionals across industries.

In “The State of Product Development & Hardware Design 2023-2024” report, results from an independent survey of over 1,400 CAD professionals rated Onshape as the top CAD platform for security. 

Here’s how the five mainstream CAD platforms compare for security:

Onshape users are far more satisfied than their on-prem colleagues, who have to share through outdated methods like email copies and shared network drives. With Onshape, CAD professionals efficiently manage access through user permissions, Link Sharing, and the ability to revoke viewing, commenting, or editing rights.

A Deeper Dive into Cloud Security

As the SOC 2 Type II report is a densely packed read, Onshape has created the “Enterprise IT and Security Guide,” which helps to unpack the platform's comprehensive, enterprise-grade security posture.

This eBook helps engineering leaders partner with IT by providing the detailed information about Onshape they need, including:

• Scalable SSO access

• Flexible and granular permission controls

• Data privacy and analytics

Protect Your CAD Data with Onshape

In the modern age, you need a proven, continuously hardened, secure cloud CAD platform like Onshape. With centralized access controls, universal visibility, rigorous third-party validation – like the SOC 2 Type II report – and multiple protective layers, Onshape ensures your most valuable data never falls into the wrong hands.

With Onshape, you always know exactly where your CAD data is and who can access it.