EMnify Completes Clean SOC 2 Type II Examination

(PresseBox) ( Berlin, )
.


Cloud communication platform provider delivers clean SOC 2 report, validating security-first customer commitment
EMnify’s newly completed SOC 2 Type II report follows SOC 2 Type I completion in November


EMnify, the leading cloud communication platform provider for IoT, today shares its completed clean Service Organization Control (SOC) 2 Type II examination with customers. Conducted by KirkpatrickPrice, the audit affirms information security practices, policies, procedures, and operations meet the rigorous SOC 2 standards for security and availability.

Defined by the American Institute of CPAs (AICPA), SOC 2 ® defines trust criteria for, in EMnify’s case, security and availability of its services. For each criteria a company must have one or more controls in place to ensure that the criteria can be met.

SOC 2 compliance and processing customer data

The importance of meeting the SOC 2 requirements when processing customer data cannot be overstated. SOC 2 reports – unique to each organization – provide a company’s external stakeholder groups with important information about how that company manages its services and customer data. There are two types of SOC reports:


Type I, which EMnify completed in November, describes a company’s systems and whether their design is suitable to meet relevant trust principles.
Type II, which EMnify completed in January, details the operational effectiveness of those systems over the audit period.


Martin Giess, EMnify CTO and Co-Founder, comments: “Achieving SOC 2 certification is a significant milestone in EMnify’s company history, and a valuable independent assessment of our information security practices. We are happy to assure our customers and all our stakeholders that working with EMnify means working with a security-first provider.”

What does compliance mean?

By achieving SOC 2 Type II compliance, EMnify has demonstrated our organization, systems and processes are designed to keep customers’ sensitive data secure and to successfully deliver our service to our customers. Prospective customers seeking a provider like EMnify, will find that SOC 2 Type II is the most useful certification when considering a possible service provider’s security credentials.

EMnify will remain a security-first communication platform provider for IoT and will continue to take this certification very seriously.

SOC 2 general information

A clean SOC 2 report is provided by external auditors after a formal SOC 2 examination process. Based on the systems and processes which a company has in place, the auditors analyze and assess to what extent a company complies with the below five “trust principles”. Which of the principles are included in the scope of the examination depends on each organization and its services.

Five Trust Principles:


Security: Protection of system resources against unauthorized access.
Availability: Accessibility of the system, products or services as stipulated by a contract or SLA. Monitoring network performance and availability, and security incident handling are critical.
Processing integrity: Does a system achieve its purpose? I.e. deliver the right data at the right price at the right time.
Confidentiality: Data is considered confidential if its access and disclosure is restricted to a specified set of persons or organizations
Privacy: Collecting, using, disclosing and disposing of personal information in accordance with company privacy notice.


For more information on what the SOC 2 examination entails and what purpose it serves, please visit the AICPA website.

EMnify customers that would like to receive more detailed information can reach out to their customer success representatives.

The two types of SOC 2® reports are:

(iii) Type 1 – A report on management’s description of the service organization’s system and the suitability of the design of the controls to provide reasonable assurance that the service organization’s principal service commitments and system requirements were achieved based on the applicable trust services criteria;

(iv) Type 2 – A report on management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to provide reasonable assurance that the service organization’s principal service commitments and system requirements were achieved based on the applicable trust services criteria.
The publisher indicated in each case is solely responsible for the press releases above, the event or job offer displayed, and the image and sound material used (see company info when clicking on image/message title or company info right column). As a rule, the publisher is also the author of the press releases and the attached image, sound and information material.
The use of information published here for personal information and editorial processing is generally free of charge. Please clarify any copyright issues with the stated publisher before further use. In the event of publication, please send a specimen copy to service@pressebox.de.