Kaspersky remains committed to the highest security principles and has again successfully completed the Service Organization Control for Service Organizations (SOC 2) Type 1 audit [1]. The final report from one of the four major global auditing firms confirms that the Kaspersky AV database development and release process is protected against unauthorized changes by appropriate security controls.
The Service Organization Controls (SOC) Reporting Framework, developed by the American Institute of Certified Public Accountants (AICPA) [2], is a globally recognized report that certifies that an organization's security controls are in compliance with the AICPA's 'Trust Services Criteria' (TSC). The main criteria here are security, availability, processing integrity, confidentiality and data protection. Kaspersky first passed the SOC 2 Type 1 audit in 2019 as part of the company's Global Transparency Initiative (GTI) [3].
The reassessment initiated in January 2022 was successfully completed at the end of April. During the audit, the Big Four auditors examined, among other things, the company's policies and procedures related to the development and release of the anti-virus database, the network and physical security of the infrastructure involved in this process, and the control tools used by the Kaspersky team. The auditors also examined how the company informs its employees, users and customers about the conditions for the release of anti-virus databases.
Kaspersky solutions meet all relevant criteria
As a result of the audit, it was found that Kaspersky's internal controls protecting the development and release process of anti-virus databases for Windows and Unix operating systems meet all five of the trust categories covered by the TSC. The scope of the current audit has been expanded from the 2019 assessment as Kaspersky has introduced new security tools and controls. The full report [4] can be made available to customers upon request.
"We are proud to have once again confirmed the integrity and security of our technology processes for best-in-class cybersecurity solutions," commented Anton Ivanov, Chief Technology Officer at Kaspersky. "The security and trust of our customers and partners are our top priority. This new independent assessment provides the necessary security and confirms the trustworthiness of the solutions and services we offer. The SOC 2 assessment provides a rigorous yet fit-for-purpose description of our security practices for customers and partners regarding the development and deployment of Kaspersky's AV foundation. The report is a validation of Kaspersky's commitment to proactively protecting its infrastructure and ensuring the security of its customers and partners."
Kaspersky Global Transparency Initiative
The renewal of the SOC 2 Type 1 report is one of a series of activities that are part of Kaspersky's Global Transparency Initiative and demonstrates the company's ongoing commitment to accountability. Kaspersky is among the first companies in the industry to operate transparency centers where stakeholders can view source code, software updates and rules for detecting threats. Kaspersky regularly has its technological processes, data services and compliance with existing industry standards evaluated by independent, recognized bodies. Earlier this year, the company renewed its ISO 27001:2013 [5] certification, an internationally recognized security standard issued by the independent certification body TÜV AUSTRIA.
More at Kaspersky.com
[1] https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpacybersecurityinitiative
[2] https://www.aicpa.org/home
[3] https://www.kaspersky.de/about/transparency
[4] https://www.kaspersky.com/about/compliance-soc2
[5] https://media.kaspersky.com/en/recertification_IS0_27001.pdf
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/