At the end of last year, Kentico Kontent passed the SOC 2 Type 1 examination. We’re delighted to announce that, as of today, our product is also SOC 2 Type 2 compliant.
We at Kentico believe that security is a continuous process and requires continuous improvement. We’ve been pursuing the highest security standards to prove our commitment to protecting the privacy and interests of our enterprise clients. This is why we’re glad to announce that we’ve reached another of our goals and passed the SOC 2 Type 2 examination.
Why does SOC 2 matter?
As you might recall from our previous article, SOC 2 is an auditing procedure designed for service providers storing customer data in the cloud. There are two types of SOC 2; while the SOC 2 Type 1 focuses on the procedures and controls relating to one or all of the so-called Trust Services Criteria (TSC) that a company has put in place as of the time of evaluation, the SOC 2 Type 2 assesses how effective the controls in place are over a longer period of time.
The audit is conducted by an objective and independent third party that measures the company’s compliance with current industry standards. In 2019, we got the SOC 2 Type 1 report covering these Trust Services Criteria that are relevant to the services we provide:
- Availability – information and systems are available for operation and use as committed or agreed
- Security – information designated as confidential is protected against unauthorized access, both physical and logical
- Confidentiality – information designated as confidential is protected as committed or agreed
A few months have passed since we got the SOC 2 Type 1 report, and our procedures and controls in place have proved effective. The SOC 2 Type 2 report proves that we’ve been compliant with the requirements in the areas of availability, security, and confidentiality (if you want to learn more about SOC 2 and Trust Services Criteria, you can have a look at their resources here).