Instana announces certified SOC 2 Type 2 compliance
Last year we successfully completed our initial SOC 2 Type 1 audit – this year we enhanced the scope of our certification by not only auditing the design but also the maturity level of our security and data privacy related controls.
What is SOC 2?
To re-cap, SOC 2 is a US-based Information Security framework for technology and cloud computing companies comparable to the European ISO 27001 standard. SOC 2 is following a top-down approach and requires companies to develop and maintain a set of written policies and technical controls. The ultimate goal of SOC 2 is to ensure appropriateness in the design of controls relating availability processing integrity and confidentiality of the service provided. SOC 2 compliance requirements are expressed by the Trust Services Criteria established and frequently updated by the American Institute of CPAs (AICPA). Type 1 audits are way shorter and focus on the design of controls only while a Type 2 audit focuses on the design & implementation during a specific time-frame.
Why is this important?
With this certification you have peace of mind, knowing that there has been an independent & full review of Instana’s security that verified the appropriateness in the design of controls regarding availability, processing integrity, and confidentiality of the service. Apart from that, you also have the assurance that security controls are being implemented and lived through the company.
For your security and compliance teams, this is the assurance from an independent third-party that Instana’s product and corporate related security controls are suitable and appropriate. For compliance, your security team can utilize Instana’s SOC 2 compliance for your own certification programs and third-party assessments. Many companies frequently have SOC 2 as a requirement before choosing to deploy a SaaS solution.
Instana’s commitment to security and data compliance
It is fundamental to not just develop a set of security and data privacy controls without really integrating it into the company. To us, the completion of our first Type 2 audit is another confirmation of our ongoing effort to build an appropriate & effective control set to protect the data of all our customers and users.