Committed tothe highest security principles, Kaspersky hasonce again completeda Service Organization Control for Service Organizations (SOC 2) Type 1 audit, conducted by an international Big Four accounting firm. The independent assessment reaffirmed that the development and release process of Kaspersky’s antivirus bases are protected against unauthorized changes by security controls.
Developed by the American Institute of Certified Public Accountants (AICPA), the Service Organization Controls (SOC) Reporting Frameworkis a globally recognized report that confirms that the organization’s security controls are in conformity with AICPA’s Trust Services Criteria (TSC), namely security, availability, processing integrity, confidentiality and privacy. Kaspersky first completed the SOC 2 Type 1 examination in 2019 as part of the company’s Global Transparency Initiative (GTI).
The reassessment, launched inlateJanuary 2022, wassuccessfully completed inlate April. During the examination, Big Four auditors among other things scrutinized the company’s policies and procedures related to the development and release of antivirus (AV) bases, the network and physical security of the infrastructure involved in this processand the monitoring tools used by the Kaspersky team. The examination alsocovered how the company communicates the terms and conditions of the AV bases release process to its employees and users and customers.
As a result of the audit, it was concluded that Kaspersky’s internal controls for protecting the development and release process of antivirus bases for Windows and Unix OS systemsare suitably designed to meet all five trust categories covered by the TSC. The scope of the current audit has been expanded compared to the 2019 assessment, as Kaspersky has sinceintroduced new security tools and controls.The full report can be provided to our customers uponrequest.
“We are proud to once again reaffirm the integrity and security of our engineering practices delivering high-class cybersecurity solutions. The security and trust ofour customers and partners area key priority for us.This new independent assessment providesthe necessary assurance and verifies the trustworthiness of the solutions and services we offer.The SOC 2 assessment gives a rigorousand, at the same time, useful description of our safeguards to customers and partners about how Kaspersky’s AV bases are developed and distributed. The report is a confirmation of Kaspersky’scommitment to proactively protecting its infrastructure and guaranteeing the security of its customers and partners,” commentsAnton Ivanov, Chief Technology Officer at Kaspersky.
The renewal of the SOC 2 Type 1 report falls within a broader range of activities that are part of Kaspersky’s GTI, demonstrating the company’s ongoing commitment to accountability. Kaspersky is among the first in the industry to start operating Transparency Centers, in which the company’s stakeholders can review Kaspersky’s source code, software updates and threat detection rules.Itregularlyseeksindependent third-party assessments of the company’s engineering practices, data services and compliance with existing industry standards. Earlier this year,the company renewed its ISO 27001* certification, an internationally recognized applicable security standard, which was issued by independent certification body TÜV AUSTRIA.
Learn more about the Kaspersky Global Transparency Initiativehere.