As a technology organization that advocates for and supports cybersecurity best practices of its customers, Automox is pleased to announce the successful completion of the Service Organization Control (SOC) 2 Type 2 audit of its cloud-native endpoint hardening platform. This third-party audit confirms Automox’s own commitment to cybersecurity best practices that keep customer data secure.
At Automox, platform security is one of our core development principles. Obtaining SOC 2 Type 2 certification adds a layer of confidence for security teams and auditors in some of our largest customers around the world, and it proves our ability to proactively protect against internal cyber threats.
Why is SOC 2 Type 2 Certification Important?
Most organizations require vendors to meet or exceed industry-accepted baselines defined by regulatory requirements or organizational policy. SOC 2 Type 2 certification is the generally accepted baseline for third party vendors that provide SaaS services, and it’s a key requirement for some organizations that are considering a shift of their patching and endpoint hardening strategies to the cloud.
SOC 2 Type 2 is a benchmark achievement for cloud service providers that establishes credibility for their cybersecurity hygiene, ability to safeguard sensitive data, and capability to ensure data privacy. The audit process is voluntary and consists of a rigorous assessment that covers core principles of security, availability, confidentiality, and privacy. Certification involves an annual audit and a report of the audit provided to the organization being evaluated.
Why Did Automox Pursue SOC 2 Type 2 Certification?
Moving at scale requires organizational alignment and commitment to industry best practices and standards. Automox is experiencing tremendous growth and while we strive for a robust security program, by obtaining SOC 2 Type 2 compliance, our partners and customers alike are reassured of our continued commitment to secure not just their systems, but ours as well.
Automox previously received SOC 2 Type 1 certification in 2019, which demonstrated Automox aligned to Trust Services Principles on a point-in-time basis. SOC 2 Type 2 is a more involved process than Type 1 certification which is conducted over a six-month period at a minimum. Because the SOC 2 Type 2 certification is over an extended period of time, this certification provides a broader more accurate viewport in validation of consistent cybersecurity processes and effective controls in safeguarding customer data.
What’s Included in Automox’s SOC 2 Type 2 Report
Schneider Downs & Co., Inc, a third-party independent CPA, provided an engagement report on November 19, 2020 that demonstrated satisfactory alignment with “Trust Services Principles” standards as defined by the American Institute of Certified Public Accountants (AICPA) after auditing Automox over the period of January 1, 2020 through July 31, 2020.
The SOC 2 Type 2 Report details the assessment of compliance across these five trust principles as implemented in both processes and systems of the audited organizations environment. The five trust principles of the audit are summarized below:
- Security: Alignment and adherence to industry standards and best practices. Demonstrable security controls protecting against unauthorized access, retrieval, and/or modification of critical resources and data.
- Availability: Visibility and network performance monitoring, service level agreement availability, recovery / failover measures, security incident handling, and more.
- Processing Integrity: Authorized system processing is validated, accurate, timely, and complete.
- Confidentiality: Sensitive and/or privileged data is restricted to only authorized entities with regard to intellectual property, financial information, digital assets, and more.
- Privacy: Ability to protect and control access to sensitive data such as PII, secure data across transport states, retention and disposal of data in accordance with privacy policies and agreements.
Check out Automox security practices for additional information on how we safeguard your data and privacy.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.