In a digital world where privacy and user data can easily be compromised, cyber security is the name of the game. This is especially critical in the enterprise, where so much valuable data is at stake. On Symantec’s Modern OS Security team, we focus on securing mobile platforms and the data accessed through them via our mobile threat defense solution, Symantec Endpoint Protection Mobile (SEP Mobile). We recognize that businesses rely on us to protect their sensitive data against mobile cyber-attacks, but no less important is how we protect customers’ data within our own internal systems. To this end, we’re happy to announce that SEP Mobile is now officially SOC 2 Type 2 compliant. With this certification, our customers can be confident that SEP Mobile has the controls and auditing in place to maintain the security and integrity of their data.
What is SOC 2 Type 2 Compliance?
SOC 2 Type 2 is an attestation standard established by the Association of International Certified Professional Accountants (AICPA) to ensure that technology systems maintain the “security, availability, processing integrity, confidentiality, and privacy” (Trust Services Criteria) of customer data. It applies to technology-based organizations that store or process customer data in the cloud. If an organization has SOC 2 Type 2 certification, this means an independent accounting and auditing firm has reviewed and tested the organization’s information security practices, policies and controls and has deemed them to be operating effectively to achieve the Trust Services Criteria.
SOC 2 Type 2 reports require an audit of practices and policies over a specified time period, generally spanning six months to a year. This contrasts with Type 1 reports, which cover procedures at a specific point in time. Businesses evaluating service providers will therefore find it more useful to rely on a Type 2 report, which looks at a given service provider’s operations over a longer timeframe.
Why is SOC 2 Type 2 Compliance Important?
In today’s global economy, more and more companies are relying on third-party technology vendors for core services or functions, including cyber security. In their work together, companies often grant vendors access to their sensitive and confidential data, opening themselves up to a certain level of risk, especially if a given vendor lacks adequate internal security controls and practices. Organizations need to be sure their data is protected at the highest levels to prevent any risk of compromise. SOC 2 Type 2 compliance provides this assurance to organizations, indicating that a given vendor/service provider has implemented industry-standard security controls defined by AICPA. Vendors who do not have SOC 2 certification cannot offer their customers the same degree of assurance over how their data and privacy are being protected.
What Does This Mean for SEP Mobile Customers?
Symantec is committed to providing the most secure environment for our customers’ sensitive data. SEP Mobile customers can be assured that their data and privacy are effectively and continuously being protected in accordance with AICPA’s Trust Services Criteria.
Our team is constantly building and improving our security controls while working to deliver top-notch mobile security solutions for our customers. Achieving SOC 2 Type 2 compliance is one more way SEP Mobile continues to be a leader not only in mobile threat defense innovation, but also in securing our own products.