Security has always been a priority at VividCortex, and we have architected and built our product for security from the beginning, frequently conducting exercises such as third-party penetration tests and code reviews. Today we are pleased to announce that VividCortex has successfully completed SOC 2 Type I certification. The report comes after an intensive (and completely successful) auditing process, and is tangible and transparent proof of our commitment to customer protection.
SOC 2 compliance is neither an easy process nor a useless one. Most of us at VividCortex have worked in companies that were subject to various types of security requirements. What we like most about SOC 2 is that it’s sensible and legitimate: the requirements are both common sense and rigorous types of things you must do to actually be secure. SOC 2 Type 1 attests that the VividCortex controls were designed and implemented to meet the criteria for Security, Availability, Processing Integrity and Confidentiality.
VividCortex has a dedicated security team, but security involves literally every person at the company. Our security program follows a Risk Management framework, reports directly to the CEO, and is reportable to the board of directors.
SOC 2 compliance is just one of several security-related initiatives VividCortex has completed this year. Other initiatives VividCortex has undertaken include:
- A full security-driven cloud infrastructure change to separate our highly sensitive environments from other environments
- The deployment of Intruder Detection and client MDM solutions
- Security awareness training for employees and specific OWASP training for all engineers
- Monthly Internet vulnerability testing
- A variety of dedicated third-party penetration tests
It’s a lot of work, but it’s often satisfying. It’s rare that a company can pass compliance testing by showing its own product in action! At VividCortex we use our own solutions to monitor our cloud production services, so when it came time to produce much of the evidence needed for SOC 2 Availability and Processing Integrity criteria we simply showed the same VividCortex features and systems monitoring outputs our customers see every day.
Going forward, VividCortex will continue on the compliance path for SOC 2 Type II reporting which is based on an assessment after the issuance of the Type I report. The Type II audit validates the strength of our controls over time, and highlights our ongoing commitment to security.
If you’d like to request a copy of the report, please contact your sales representative.