- Cloud communication platform provider delivers clean SOC 2 report, validating security-first customer commitment
- EMnify’s newly completed SOC 2 Type II report follows SOC 2 Type I completion in November
BERLIN, February, 10, 2021 – EMnify, the leading cloud communication platform provider for IoT, today shares its completed clean Service Organization Control (SOC) 2 Type II examination with customers. Conducted by KirkpatrickPrice, the audit affirms information security practices, policies, procedures, and operations meet the rigorous SOC 2 standards for security and availability.
Defined by the American Institute of CPAs (AICPA), SOC 2 ® defines trust criteria for, in EMnify’s case, security, and availability of its services. For each criteria a company must have one or more controls in place to ensure that the criteria can be met.
SOC 2 Compliance and Processing Customer Data
The importance of meeting the SOC 2 requirements when processing customer data cannot be overstated. SOC 2 reports – unique to each organization – provide a company’s external stakeholder groups with important information about how that company manages its services and customer data. There are two types of SOC reports:
- Type I, which EMnify completed in November, describes a company’s systems and whether their design is suitable to meet relevant trust principles.
- Type II, which EMnify completed in January, details the operational effectiveness of those systems over the audit period.
Martin Giess, EMnify CTO and Co-Founder, comments: “Achieving SOC 2 certification is a significant milestone in EMnify’s company history, and a valuable independent assessment of our information security practices. We are happy to assure our customers and all our stakeholders that working with EMnify means working with a security-first provider.”
What Does Compliance Mean?
By achieving SOC 2 Type II compliance, EMnify has demonstrated its organization, systems and processes are designed to keep customers’ sensitive data secure and to successfully deliver its service to customers. Prospective customers seeking a provider like EMnify, will find that SOC 2 Type II is the most useful certification when considering a possible service provider’s security credentials.
EMnify will remain a security-first communication platform provider for IoT and will continue to take this certification very seriously.
SOC 2 general information
A clean SOC 2 report is provided by external auditors after a formal SOC 2 examination process. Based on the systems and processes which a company has in place, the auditors analyze and assess to what extent a company complies with the below five “trust principles.” Which of the principles are included in the scope of the examination depends on each organization and its services.
Five Trust Principles:
- Security: Protection of system resources against unauthorized access.
- Availability: Accessibility of the system, products or services as stipulated by a contract or SLA. Monitoring network performance and availability, and security incident handling are critical.
- Processing integrity: Does a system achieve its purpose? I.e. deliver the right data at the right price at the right time.
- Confidentiality: Data is considered confidential if its access and disclosure is restricted to a specified set of persons or organizations.
- Privacy: Collecting, using, disclosing and disposing of personal information in accordance with company privacy notice.
For more information on what the SOC 2 examination entails and what purpose it serves, please visit the AICPA website.
EMnify customers that would like to receive more detailed information can reach out to their customer success representatives.