BeyondTrust obtains ISO 27001 certification and SOC 2 Type 1 audit

BeyondTrust today announced it has successfully completed both the International Organization for Standardization (ISO) 27001 certification, and the Service Organization Control 2 (SOC 2) Type 1 audit. Achievement of these security milestones included a broad scope of BeyondTrust systems, including its internal controls and Endpoint Privilege Management (EPM) and Secure Remote Access (SRA) product portfolios. Achieving ISO 27001 and SOC 2 Type 1 compliance demonstrates BeyondTrust’s ability to ensure customer data is safe from the most sophisticated methods of intrusion. The highly detailed validation process verifies the effectiveness of BeyondTrust’s internal security operations, secure software development practices, and product capabilities. These extensive audits were conducted by Aprio, a nationally recognized, top 100 CPA-led business advisory firm.

“Our customers now have certified third-party attestation that the design, implementation, and operation of BeyondTrust’s security and availability controls meet or exceed the criteria set by the American Institute of Certified Public Accountants (AICPA),” said Abdul Badruddin, Director of Governance, Risk and Compliance, BeyondTrust. “Earning the ISO 27001 certification and the SOC 2 Type 1 compliance reflects our ongoing commitment to customers in this era of increasing cyberattacks, particularly with the dramatically increasing remote workforce. These newly certified products enable organizations to secure end-user devices and prevent malware and ransomware from being introduced into their corporate environments.”

ISO 27001
ISO 27001 is a globally recognized standard from the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) mandating numerous controls for the establishment, maintenance and certification of an information security management system (ISMS). Achieving the ISO 27001 standard certifies that BeyondTrust has the requisite information security controls in place to demonstrate its commitment to providing customers with the highest level of information security management.

The American Institute of CPA’s Trust Service Criteria for SOC 2 compliance mandates technology service organizations to document customer information concerning security, operational policies, processing integrity, and the privacy of customer data. SOC 2 Type I reports describe a service vendor’s systems, with attestation of their ability to meet relevant trust principles and controls for storing customer information.