We’re thrilled to announce that we have received SOC 2® — SOC for Service Organizations Type 2 Compliance certification for Xperience by Kentico (software-as-a service). But what exactly is SOC 2 and what does compliance really mean for you?
Security is of the utmost importance to any organization. It is a continuous process requiring continuous improvement. At Kentico, our customers’ security is just as important as ours, and we’ve been pursuing the highest security standards since day one.
What is SOC 2® compliance?
SOC 2® (Service Organization Control) is a cybersecurity compliance framework developed by the American Institute of Certified Public Accountants (AICPA) whose primary goal is to ensure that third-party service providers are storing and processing customer data in a secure fashion.
It is an auditing procedure that organizations like ours go through in order to test their data privacy and protection controls and to demonstrate their commitment to customer data security. The audit is conducted by an independent and impartial third party who measures how well an organization complies with current industry standards. The result of the audit is a report that addresses “controls relevant to security, availability and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information these systems process.”
There are two types of SOC 2®:
- SOC 2® Type 1 focuses on a company’s procedures and controls relating to certain Trust Services Criteria (TSC) relevant to the service the company provides.
- SOC 2® Type 2 assesses how effective those controls are over a longer period of time.
Kentico is proud to have achieved SOC 2® Type 2, proving that not only do our procedures and controls measure up to industry standards for protecting customer data, but that those controls are effective in the long term.
Kentico’s SOC 2® compliance report
Our SOC 2 report covers the following SOC Trust Services Criteria:
1) Security
Compliance with the security TSC means that information designated as confidential is protected against unauthorized access, unauthorized disclosure, and system damage that could compromise its availability, integrity, confidentiality, or privacy. Kentico has proven that our Xperience by Kentico (software-as-a-service) ensures:
- controls over logical and physical access to data
- detection and minimizing of deviations from established processes
- regulated change management procedures that prevent unlawful modifications
- identification or risk and mitigation strategies
2) Confidentiality
This principle means that information designated as confidential (e.g. financial information, business strategies, user data, or intellectual property) is protected as committed or agreed. SOC 2® confidentiality compliance obligations required that Xperience by Kentico (software-as-a-service) have:
- methods for identifying private information and for determining how long it should be kept
- policies for confidential information deletion
3) Availability
Compliance with the Availability TCS requires that information and systems are available for operation and use as committed or agreed. It focuses on system accessibility, maintenance and monitoring to ensure we have the operating capability and system components required to ensure customers can achieve business objectives. Obligations for Availability required that Xperience by Kentico (software-as-a-service) could:
- determine current usage and assess the risk of decreased availability due to capacity restrictions
- identify and evaluate environmental threats that could impact system availability (e.g. storms, fires, outages, or environmental control system failure)
Keeping our customers safe and secure
We believe that Xperience by Kentico (software-as-a-service) compliance with SOC 2® Type 2 increases trust and transparency between ourselves and our customers. It not only demonstrates Kentico’s commitment to maintaining a high level of information security, but also reassures our customers that stringent security policies, procedures, and practices are in place to protect their data over time.
If you have any questions about our SOC 2 report or would like more details, contact us. The full report is available to partners, customers, and prospects under certain conditions. Alternatively, if you’re interested in learning more about the many ways we protect your website and data, check out our security features.