Cerby, a security platform for unmanageable applications with a ‘zero trust’ approach that optimizes security practices while empowering employees and security teams, has completed a system and organization controls (SOC) 2 Type II audit, performed by Sensiba San Filippo, LLP (SSF). The validation demonstrates the company prioritizes security controls and the protection of customer data on its platform.
Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 information security standard is an audit report on the examination of controls relevant to the trust services criteria categories covering security, availability, and confidentiality.
A SOC 2 Type II report describes a service organization’s systems and whether the controls they have in place to satisfy the SOC criteria are operating effectively over an agreed-upon observation period. Cerby’s SOC 2 Type II report had no noted exceptions and was issued with a “clean” audit opinion from SSF.
“Unlike a pen test, which tests for exploitable vulnerabilities at a specific point in time, SOC 2 Type II observes security controls longer over a period, demonstrating consistency over time,” said Matt Chiodi, chief trust officer at Cerby. “SOC 2 is recognized as a gold standard for security. Achieving this certification attests to Cerby’s focused efforts to build trust and protect customer data.”
Chris Roe, CISA, CRISC, manager at Sensiba San Filippo, said: “SOC 2 Type II report gives Cerby customers confidence in the secure design and operational effectiveness of the platform, having gone through a rigorous security verification process. We congratulate Cerby for taking this step in demonstrating the company’s commitment to protecting customer data.”