Ideas, concepts, solutions, news
Komiko Maintains Commitment to Enterprise-Grade Security, Achieves SOC 2 Certification from Skoda Minotti
Komiko, the leading Sales and Customer Success Intelligence System, has been partnering closely with enterprises to improve its security posture while helping customers to accelerate and retain business following highly disciplined behaviors.
We are excited to announce that as of October 20, 2017, Komiko has successfully completed SOC 2 Type 1 certification (SSAE18, formerly SSAE16). The audit was performed by Skoda Minotti, a leading third-party risk advisory services team. Completion of this task assures Komiko controls were designed and implemented to meet the following:
- Security: Our platform and processes are protected against unauthorized access.
- Availability: The system is available for operation and use as committed or agreed.
- Integrity: System processing is complete, valid, accurate, timely, and authorized.
- Confidentiality: Information deemed confidential is protected as committed or agreed.
This achievement is a crucial milestone as we continue to provide enterprise-grade security for organizations of all sizes. Komiko will continue to invest in security protocols and procedures in an effort to stay ahead of customer demands and expectations.
What is SOC 2?
As Komiko customers continue to shift their day-to-day operations into cloud-based technologies, they need objective assurance that their confidential data, including person-to-person information and intellectual property, is safeguarded and adequately protected. SOC 2 is a standard audit performed by a trusted third-party that proves the assurance.
Context for Komiko Customers
The performed SOC 2 Type 1 audit is independent validation of the commitment Komiko is making to meeting customers’ requirements and pursuing an enterprise-focused security posture. The auditors at Skoda Minotti determined Komiko has been architected according to security best practices from the start. Achieving SOC 2 Type 1 requires stringent policies and documentation of controls that were already in place:
- Binding access control based on the least privileged access principle.
- Comprehensive logging, monitoring, events correlation, and alerts.
- Crucial vulnerability management with internal and external scans, penetration testing, and code reviews.
- Extensive employee security awareness training.
Defined Next Steps
The SOC 2 Type 1 report provides the auditor’s opinion on the design of Komiko controls. In the next few months, Skoda Minotti will further validate the operating conditions and effectiveness of Komiko controls with a Type 2 report, which is based on an assessment after the issuance of the Type 1 report. With the achievement of these compliance standards, Komiko is on track to ensure our customer’s data integrity and satisfaction are our top priorities.