We are excited to announce that DeNexus Inc has successfully achieved SOC 2 compliance and received our “Type 1” Report in March, which examined our controls that were implemented for security and confidentiality.
Created by AICPA, SOC 2 was constructed for companies storing customer data in the cloud. SOC 2 is considered a technical audit, but it goes beyond that by requiring companies to establish and follow strict information security policies and procedures, encompassing five “trust service principles” as regards customer data: security; availability; processing; integrity; confidentiality.
SOC 2 is also unique in that it ensures a company’s information security measures are in line with ever-changing cloud security parameters. One control that SOC 2 requires to be implemented is the concept of Role Based Access Control, also referred to as the concept of Least Privileges. By enforcing this control, DeNexus can ensure that only personnel with a “day-to-day need” for access to specific systems and customer data, are granted this access. This limits the attack surface and creates a more secure DeRISK product.
This is a benchmark accomplishment for DeNexus that proves to our customers that we place data security at the foundation of everything we do. For an innovator in the cyber risk SaaS space, data security is critical - says Jamie Bussin, Director of Compliance at DeNexus.
For more details about what SOC 2 compliance entails for DeNexus, refer to a blog on SOC 2 Compliance here