Security, trust, and confidentiality are key components of the Itential Automation Platform. Whether we are automating configuration and compliance, or providing insights into cloud network changes, everything we do is designed with the privacy and security of our customers in mind. Enterprises like yours trust Itential to provide automation solutions that help their networks perform at their best, while giving you the confidence needed to manage your infrastructure.
As evidence to our dedication to security and trust, Itential has completed our first annual organizational controls audit by independent firm BARR Advisory. So, how did we do?
We are proud to announce that BARR Advisory has delivered its SOC 2 Type 2 report with zero findings, and that Itential has successfully met the standards for the security, availability, confidentiality, and processing integrity Trust Services Criteria.
What Does This Mean for You?
With the American Institute of Certified Public Accountant’s (AICPA’s) SOC 2 standard, customers get peace of mind that their information is securely handled by providers like Itential. The audit ensures that Itential not only keeps users’ data safe but also confirms that our services are reliable, private, and secure.
In addition to the 2021 SOC 2 Type 2 report, Itential is committed to the principles inherent in the General Data Protection Regulation (EU) 2016/679 (GDPR) and the California Consumer Privacy Act of 2018 (CCPA), and particularly to the concepts of privacy by design, the right to be forgotten, consent, and a risk-based approach.
What is SOC 2?
A SOC 2 report is issued after an in-depth audit by an independent CPA firm. The report assesses an organization’s implementation of appropriate controls, security configurations, and internal policies to manage their organization and their data securely. There are two types of SOC 2 reports, Type 1 and 2. A Type 1 report attests that an organization has implemented controls at a snapshot in time. Itential received our SOC 2 Type 1 report as of March 31, 2021, as part of our commitment to reduce the operational burden for our enterprise customers and accelerate their network automation initiatives.
In contrast, a Type 2 report affirms that these controls have been implemented and adhered to over a period of time. Itential was issued a SOC 2 Type 2 report on October 15, 2021, underscoring our diligent and consistent approach to data security and privacy.
The Audit
Itential partnered with Vanta, the leading SaaS platform that automates the complex and tedious work to prepare for an audit. Vanta connects to our critical cloud services providers, such as AWS and Jira, and continuously monitors them for compliance across a set of controls. In addition to continuous monitoring and testing, Vanta simplifies the onboarding process for new employees with an intuitive interface to accept company policies and complete mandatory security awareness training.
Itential’s SOC 2 Type 2 examination was conducted by BARR Advisory, one of the most reputable risk management and advisory firms. Facilitated by Vanta, they tested controls across the Trust Services Categories of Security, Availability, Confidentiality, and Processing Integrity as defined by the AICPA. For each of the criteria mapped to Itential’s controls, the audit showed us meeting and exceeding all SOC 2 standards.
Beyond SOC 2
While SOC 2 is an important milestone, we are dedicated to continuously improving our security posture. At Itential, security projects are first-class citizens and directly incorporated into our operational roadmap. In addition to maintaining our security controls for SOC 2, Itential is focusing on achieving compliance with PCI-DSS, FedRAMP, and further GDPR improvements in 2022. Information security is a never-ending journey, and we are committed to staying on the path.
You can learn more about all of our efforts to build a truly trustworthy service at our Information Security & Compliance Center. If you have questions about our SOC 2 compliance, how to obtain our SOC 2 Type 2 report, or anything trust related, please contact your account executive or email compliance@itential.com.