BeyondTrust, the worldwide technology leader in Privileged Access Management (PAM), has successfully completed both the International Organisation for Standardisation (ISO) 27001 certification, and the Service Organisation Control 2 (SOC 2) Type 1 audit. Achievement of these security milestones included a broad scope of BeyondTrust systems, including its internal controls and Endpoint Privilege Management (EPM) and Secure Remote Access (SRA) product portfolios. Achieving ISO 27001 and SOC 2 Type 1 compliance demonstrates BeyondTrust’s ability to ensure customer data is safe from the most sophisticated methods of intrusion. The highly detailed validation process verifies the effectiveness of BeyondTrust’s internal security operations, secure software development practices, and product capabilities. These extensive audits were conducted by Aprio, a nationally recognised, top 100 CPA-led business advisory firm.
Cloud-ready enterprises must quickly secure vulnerable endpoints to protect against malicious attacks like phishing, malware, and ransomware. This is particularly important today as most employees are working from home and require secure endpoints. BeyondTrust’s SaaS solutions allows enterprises to secure, manage, and support user devices and limit privileges, without hindering productivity or driving up service desk calls.
“Our customers now have certified third-party attestation that the design, implementation, and operation of BeyondTrust’s security and availability controls meet or exceed the criteria set by the American Institute of Certified Public Accountants (AICPA),” said Abdul Badruddin, Director of Governance, Risk and Compliance, BeyondTrust. “Earning the ISO 27001 certification and the SOC 2 Type 1 compliance reflects our ongoing commitment to customers in this era of increasing cyberattacks, particularly with the dramatically increasing remote workforce. These newly certified products enable organisations to secure end-user devices and prevent malware and ransomware from being introduced into their corporate environments.”
By uniting the broadest set of privileged security capabilities, BeyondTrust’s Universal Privilege Management approach simplifies deployments, reduces costs, improves usability, and reduces privilege risks. BeyondTrust’s Endpoint Privilege Management solutions enforce least privilege by removing excessive end user privileges and controlling applications on endpoints using Windows, Mac, Unix or Linux, and its Secure Remote Access solutions allow for organisations to increase their service desk capability as well as secure, manage, and audit both vendor and internal remote privileged access without the need for a VPN.
ISO 27001 is a globally recognised standard from the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) mandating numerous controls for the establishment, maintenance and certification of an information security management system (ISMS). Achieving the ISO 27001 standard certifies that BeyondTrust has the requisite information security controls in place to demonstrate its commitment to providing customers with the highest level of information security management.
The American Institute of CPA’s Trust Service Criteria for SOC 2 compliance mandates technology service organisations to document customer information concerning security, operational policies, processing integrity, and the privacy of customer data. SOC 2 Type I reports describe a service vendor’s systems, with attestation of their ability to meet relevant trust principles and controls for storing customer information.