To reaffirm its commitment to customer data security and secure software development processes, Kaspersky has successfully passed the Service Organization Control for Service Organizations (SOC 2) audit, for the effectiveness of controls implemented to protect the process of the development and release of Kaspersky’s antivirus databases from unauthorized changes. Following previous audits for Type 1, Kaspersky has now passed the assessment for Type 2, analyzing the company’s controls over a six-month period.
The company has been continuously and successfully passing SOC 2 audits since 2019. The Service Organization Controls (SOC) framework is an internationally recognized standard for cybersecurity risk management systems, which was developed by the American Institute of Certified Public Accountants (AICPA). The framework aims to help organizations reassure their customers that they have effective security control mechanisms in place. In the spirit of transparency, Kaspersky chose this standard to confirm the trustworthiness of its processes and solutions and commitment to AICPA’s criteria, namely security, availability, processing integrity, confidentiality, and privacy.
The audit was carried out by a team of accountants from an independent service auditor. During the examination, Kaspersky’s process used for the development and implementation of antivirus databases for Windows and Unix OS systems was checked, including the following elements of the control environment:
· Organization and Management
· Communication
· Risk Management
· Monitoring of Controls
The tests included the inquiry of the appropriate management, supervisory, and staff personnel; observation of Kaspersky activities and operations, and inspection of Kaspersky documents and records. Unlike earlier SOC 2 Type 1 assessments, this time, auditors looked not only into the implementation of the company’s internal controls at a specific time, but also into operative effectiveness of those controls over a period of six months — from December 2022 to May 2023. As a result of the audit, it was concluded that Kaspersky’s internal controls to ensure regular automated antivirus database updates are effective, while the process of the development and implementation of antivirus databases is protected from tampering. The comprehensive verdict of the auditors can be found in the final report, which can be requested at the link.
“The security of Kaspersky customers is paramount to us, and we are delighted to once again receive an independent confirmation of the fact that our security controls and processes are implemented properly and comply with AICPA’s criterion of security. The new SOC 2 Type 2 audit gives our customers the assurance that security control mechanisms have been effectively established in our systems, and testifies that our internal processes adhere to the highest standards,” noted Anton Ivanov, Chief Technology Officer at Kaspersky.
The regular audits of the company’s internal processes are one of the pillars of Kaspersky’s Global Transparency Initiative (GTI), which aims to build trust with the company’s customers and partners and testifies to Kaspersky’s adherence to transparency principles. To learn more about the SOC 2 audit and to request the newly received report, visit the website.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.