1 min read

DeNexus Completes SOC 2 Compliance Type 1 Report

Featured Image

We are excited to announce that DeNexus Inc has successfully achieved SOC 2 compliance and received our “Type 1” Report in March, which examined our controls that were implemented for security and confidentiality.   

Created by AICPA, SOC 2 was constructed for companies storing customer data in the cloud. SOC 2 is considered a technical audit, but it goes beyond that by requiring companies to establish and follow strict information security policies and procedures, encompassing five “trust service principles” as regards customer data: security; availability; processing; integrity; confidentiality.  

SOC 2 is also unique in that it ensures a company’s information security measures are in line with ever-changing cloud security parameters. One control that SOC 2 requires to be implemented is the concept of Role Based Access Control, also referred to as the concept of Least Privileges. By enforcing this control, DeNexus can ensure that only personnel with a “day-to-day need” for access to specific systems and customer data, are granted this access. This limits the attack surface and creates a more secure DeRISK product.   

This is a benchmark accomplishment for DeNexus that proves to our customers that we place data security at the foundation of everything we do. For an innovator in the cyber risk SaaS space, data security is critical  - says Jamie Bussin, Director of Compliance at DeNexus.

For more details about what SOC 2 compliance entails for DeNexus, refer to a blog on SOC 2 Compliance here

New call-to-action

Meet the Team: Srikant Rachakonda

The quote by Mr. T. Schranz “Good companies manage Engineering. Great companies manage Product” really resonates with me!

Read More

Meet the Team: Kevin Hamman

“No matter the challenge, there is always a path to success.”  -Uknown

Read More

Cyber-risk modeller opens Bermuda office

Bermuda’s fintech-friendly atmosphere and strong technological infrastructure has led to the formation of a new cyber-risk modelling company.

Read More