- Cloud communication platform provider delivers clean SOC 2 report, validating security-first customer commitment
- EMnify’s newly completed SOC 2 Type II report follows SOC 2 Type I completion in November
EMnify, the leading cloud communication platform provider for IoT, today shares its completed clean Service Organization Control (SOC) 2 Type II examination with customers. Conducted by KirkpatrickPrice, the audit affirms information security practices, policies, procedures, and operations meet the rigorous SOC 2 standards for security and availability.
Defined by the American Institute of CPAs (AICPA), SOC 2 ® defines trust criteria for, in EMnify’s case, security and availability of its services. For each criteria a company must have one or more controls in place to ensure that the criteria can be met.
SOC 2 compliance and processing customer data
The importance of meeting the SOC 2 requirements when processing customer data cannot be overstated. SOC 2 reports – unique to each organization – provide a company’s external stakeholder groups with important information about how that company manages its services and customer data. There are two types of SOC reports:
- Type I, which EMnify completed in November, describes a company’s systems and whether their design is suitable to meet relevant trust principles.
- Type II, which EMnify completed in January, details the operational effectiveness of those systems over the audit period.
Martin Giess, EMnify CTO and Co-Founder, comments: “Achieving SOC 2 certification is a significant milestone in EMnify’s company history, and a valuable independent assessment of our information security practices. We are happy to assure our customers and all our stakeholders that working with EMnify means working with a security-first provider.”
What does compliance mean?
By achieving SOC 2 Type II compliance, EMnify has demonstrated our organization, systems and processes are designed to keep customers’ sensitive data secure and to successfully deliver our service to our customers. Prospective customers seeking a provider like EMnify, will find that SOC 2 Type II is the most useful certification when considering a possible service provider’s security credentials.
EMnify will remain a security-first communication platform provider for IoT and will continue to take this certification very seriously.
SOC 2 general information
A clean SOC 2 report is provided by external auditors after a formal SOC 2 examination process. Based on the systems and processes which a company has in place, the auditors analyze and assess to what extent a company complies with the below five “trust principles”. Which of the principles are included in the scope of the examination depends on each organization and its services.
Five Trust Principles:
- Security: Protection of system resources against unauthorized access.
- Availability: Accessibility of the system, products or services as stipulated by a contract or SLA. Monitoring network performance and availability, and security incident handling are critical.
- Processing integrity: Does a system achieve its purpose? I.e. deliver the right data at the right price at the right time.
- Confidentiality: Data is considered confidential if its access and disclosure is restricted to a specified set of persons or organizations
- Privacy: Collecting, using, disclosing and disposing of personal information in accordance with company privacy notice.
For more information on what the SOC 2 examination entails and what purpose it serves, please visit the AICPA website.
EMnify customers that would like to receive more detailed information can reach out to their customer success representatives.
The two types of SOC 2® reports are:
(iii) Type 1 – A report on management’s description of the service organization’s system and the suitability of the design of the controls to provide reasonable assurance that the service organization’s principal service commitments and system requirements were achieved based on the applicable trust services criteria;
(iv) Type 2 – A report on management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to provide reasonable assurance that the service organization’s principal service commitments and system requirements were achieved based on the applicable trust services criteria.
EMnify is the leading cloud communication platform provider for IoT that enables businesses with high growth IoT products to scale across networks worldwide with a single API. EMnify is solely dedicated to IoT – unlike traditional CPaaS vendors. Its disruptive solution and customer-centric approach are made possible by a team of international experts that support thousands of companies in more than 70 countries.
Founded in 2014 by forward-thinking telecommunications experts Frank Stöcker, Martin Giess and Alexander Schebler, EMnify revolutionized the industry through its cloud-native service, enabling secure IoT connectivity globally – addressing one of the main issues regarding the IoT sector. To learn more about EMnify, please visit www.emnify.com
Telefon: +49 (931) 49739270
Telefax: +49 (931) 46599004