Kaspersky passes the comprehensive SOC 2 Type 2 audit
Gulf Tech News
To reaffirm its commitment to customer data security and secure software development processes, Kaspersky has successfully passed the Service Organization Control for Service Organizations (SOC 2) audit of the effectiveness of the controls implemented to protect the development and release of Kaspersky’s antivirus databases from unauthorized changes. Following previous audits for Type 1, Kaspersky has now passed the assessment for Type 2, which analyzes the company’s controls over a six-month period.
The company has been continuously and successfully passing SOC 2 audits since 2019. The Service Organization Controls (SOC) framework is an internationally recognized standard for cybersecurity risk management systems, which was developed by the American Institute of Certified Public Accountants (AICPA). The framework aims to help organizations reassure their customers that they have effective security control mechanisms in place. In the spirit of transparency, Kaspersky chose this standard to confirm the trustworthiness of its processes and solutions and commitment to AICPA’s criteria, namely security, availability, processing integrity, confidentiality, and privacy.
The audit was carried out by a team of accountants from an independent service auditor. During the examination, Kaspersky’s process for the development and implementation of antivirus databases for Windows and Unix OS systems was checked, including the following elements of the control environment:
- Organization and Management
- Communication
- Risk Management
- Monitoring of Controls
The tests included inquiry of the appropriate management, supervisory, and staff personnel; observation of Kaspersky activities and operations; and inspection of Kaspersky documents and records. Unlike earlier SOC 2 Type 1 assessments, this time auditors looked not only into the implementation of the company’s internal controls at a specific point in time, but also into the operating effectiveness of those controls over a period of six months, from December 2022 to May 2023. As a result of the audit, it was concluded that Kaspersky’s internal controls to ensure regular automated antivirus database updates are effective, and that the process of the development and implementation of antivirus databases is protected from unauthorized tampering. The comprehensive verdict of the auditors can be found in the final report, which can be requested at the link.
“The security of Kaspersky customers is paramount to us, and we are delighted to once again receive an independent confirmation of the fact that our security controls and processes are implemented properly and comply with AICPA’s criterion of security. The new SOC 2 Type 2 audit gives our customers the assurance that security control mechanisms have been effectively established in our systems, and testifies that our internal processes adhere to the highest standards,” noted Anton Ivanov, Chief Technology Officer at Kaspersky.
The regular audits of the company’s internal processes are one of the pillars of Kaspersky’s Global Transparency Initiative (GTI), which aims to build trust with the company’s customers and partners and testifies to Kaspersky’s adherence to transparency principles. To learn more about the SOC 2 audit and to request the newly received report, visit the website.