CyberArk earns new SOC 2 Type 2, SOC 3 Certifications for identity security platform
NEWTON, Mass. & PETACH TIKVA, Israel -- CyberArk today announced new Service Organization Control (SOC) 2 Type 2 and SOC 3 certifications for its developer and machine identity security SaaS-based products and capabilities. These certifications, based on a trustworthy and reputable framework, help to provide customers and their auditors with a transparent understanding of the controls CyberArk has implemented to support their operations.
The CyberArk Identity Security Platform protects identities and critical assets by enabling Zero Trust and enforcing least privilege with complete visibility, ensuring that every identity can securely access any resource, located anywhere, from everywhere. CyberArk Conjur Cloud and CyberArk Dynamic Privilege Access - both components of the CyberArk Identity Security Platform - achieved SOC 2 Type 2 and SOC 3 certification compliance this year:
- CyberArk Conjur Cloud offers a standardized interface for developer and security teams with developer tools and security controls that are consistent across any cloud or on-prem environment. It integrates with a wide range of DevOps tools, container platforms (Kubernetes), and supports hybrid and multi-cloud environments.
- CyberArk Dynamic Privilege Access provisions just-in-time access to workloads running on cloud infrastructure, such as specific virtual machines.
Other certified solutions include CyberArk Cloud Entitlements Manager, CyberArk Endpoint Privilege Manager, CyberArk Privilege Cloud, CyberArk Remote Access, CyberArk Secure Cloud Access, CyberArk Secure Web Sessions and CyberArk Workforce Identity.
“CyberArk’s ongoing customer commitment is to provide them with the assurance that the CyberArk Identity Security Platform aligns with SOC-2 expected security standards, giving them the confidence that CyberArk is committed to protecting their data,” said Peretz Regev, chief product officer, CyberArk. “CyberArk aims to always be a proven and trusted partner for organizations that look to guard against identity-centric threats.”
SOC reports are standardized reports based on the Trust Services Principles established by the American Institute of CPAs (AICPA). SOC 2 Type 2 certification demonstrates that an independent auditing firm has reviewed, tested and examined CyberArk production services controls to ensure their operation is aligned with expected security standards.
A SOC 3 report is a general use report of the SOC 2 reports that outlines a company’s internal controls and details how well they safeguard customer data, specifically for cloud service providers. Both reports evaluated not only how CyberArk safeguards customer data, but also how well those controls operate.
The SOC 2 and SOC 3 examinations were conducted by A-LIGN ASSURANCE (“A-LIGN”), an independent auditing firm, in accordance with the American Institute of Certified Public Accountants (AICPA).
To learn more about CyberArk’s security, reliability, privacy and compliance policies, please visit the CyberArk Trust Center.