Developed by the American Institute of Certified Public Accountants (AICPA), the Service Organization Controls (SOC) Reporting Framework is a globally recognized report that confirms that the organization’s security controls are in conformity with AICPA’s Trust Services Criteria (TSC), namely security, availability, processing integrity, confidentiality and privacy. Kaspersky first completed the SOC 2 Type 1 examination in 2019 as part of the company’s Global Transparency Initiative (GTI).
The reassessment, launched in late January 2022, was successfully completed in late April. During the examination, Big Four auditors among other things scrutinized the company’s policies and procedures related to the development and release of antivirus (AV) bases, the network and physical security of the infrastructure involved in this process and the monitoring tools used by the Kaspersky team. The examination also covered how the company communicates the terms and conditions of the AV bases release process to its employees and users and customers.
As a result
of the audit, it was concluded that Kaspersky’s internal controls for protecting
the development and release process of antivirus bases for Windows and Unix OS systems
are suitably designed to meet all five trust categories covered by the TSC. The
scope of the current audit has been expanded compared to the 2019 assessment,
as Kaspersky has since introduced new security tools and controls. The full
report can be provided to our customers upon request.
“We are proud to once again reaffirm the integrity and security of our engineering practices delivering high-class cybersecurity solutions. The security and trust of our customers and partners are a key priority for us. This new independent assessment provides the necessary assurance and verifies the trustworthiness of the solutions and services we offer. The SOC 2 assessment gives a rigorous and, at the same time, useful description of our safeguards to customers and partners about how Kaspersky’s AV bases are developed and distributed. The report is a confirmation of Kaspersky’s commitment to proactively protecting its infrastructure and guaranteeing the security of its customers and partners,” comments Anton Ivanov, Chief Technology Officer at Kaspersky.
The renewal of the SOC 2 Type 1 report falls within a broader range of activities that are part of Kaspersky’s GTI, demonstrating the company’s ongoing commitment to accountability. Kaspersky is among the first in the industry to start operating Transparency Centers, in which the company’s stakeholders can review Kaspersky’s source code, software updates and threat detection rules. It regularly seeks independent third-party assessments of the company’s engineering practices, data services and compliance with existing industry standards. Earlier this year, the company renewed its ISO 27001* certification, an internationally recognized applicable security standard, which was issued by independent certification body TÜV AUSTRIA.
Learn more about the Kaspersky Global Transparency Initiative here.
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.