Kaspersky has successfully completed the Service Organisation Control for Service Organisations (SOC 2) Type 1 audit.
The final report, issued by one of the Big Four accounting firms, confirms that the development and release of Kaspersky’s threat detection rules databases (AV databases) are protected from unauthorised changes by strong security controls. In addition, the company is announcing new developments of its Global Transparency Initiative.
The Service Organisation Controls (SOC) Reporting Framework is a globally recognised report for cybersecurity risk management controls, developed by the American Institute of Certified Public Accountants (AICPA) to inform customers about effective design and implementation of security controls. Being a responsible and transparent company for its customers, Kaspersky has chosen this standard to demonstrate the trustworthiness of its product and the company’s commitment to the AICPA Trust Service Principles and Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
The examination completed under the SSAE 18 standard (Statement of Standards for Attestation Engagements) includes internal controls over regular automatic updates of antivirus databases, created and distributed by Kaspersky for its products operating on Windows and Unix Servers. In its final report, the Big Four independent auditor identified suitability of the abovementioned controls and their appropriate operation on a specified date.
“The security of our products is certainly one of our top priorities. We are proud to have completed this independent assessment which provides our customers with assurance of the security of our products, and confidence in our R&D processes and controls. This audit marks one more step in our efforts to demonstrate the company’s transparency,” notes Andrey Efremov, chief technology officer at Kaspersky.