BeyondTrust solutions achieve ISO 27001 certification
James Thorpe
BeyondTrust, the worldwide technology provider of Privileged Access Management (PAM), has announced it has successfully completed both the International Organization for Standardization (ISO) 27001 certification and the Service Organization Control 2 (SOC 2) Type 1 audit. Achievement of these security milestones included a broad scope of BeyondTrust systems, including its internal controls and Endpoint Privilege Management (EPM) and Secure Remote Access (SRA) product portfolios. Achieving ISO 27001 and SOC 2 Type 1 compliance demonstrates BeyondTrust’s ability to ensure customer data is safe from the most sophisticated methods of intrusion. The highly detailed validation process verifies the effectiveness of BeyondTrust’s internal security operations, secure software development practices and product capabilities. These extensive audits were conducted by Aprio, a nationally recognised, top 100 CPA-led business advisory firm.
Cloud-ready enterprises must quickly secure vulnerable endpoints to protect against malicious attacks like phishing, malware and ransomware. This is particularly important today as most employees are working from home and require secure endpoints. BeyondTrust’s SaaS solutions allow enterprises to secure, manage and support user devices and limit privileges, without hindering productivity or driving up service desk calls.
“Our customers now have certified third-party attestation that the design, implementation and operation of BeyondTrust’s security and availability controls meet or exceed the criteria set by the American Institute of Certified Public Accountants (AICPA),” said Abdul Badruddin, Director of Governance, Risk and Compliance, BeyondTrust. “Earning the ISO 27001 certification and the SOC 2 Type 1 compliance reflects our ongoing commitment to customers in this era of increasing cyberattacks, particularly with the dramatically increasing remote workforce. These newly certified products enable organisations to secure end user devices and prevent malware and ransomware from being introduced into their corporate environments.”
“After thorough review, BeyondTrust’s entity, as well as its Secure Remote Access and Privilege Management SaaS products, fulfill the standards set forth in ISO 27001 and SOC 2 for protecting customer data,” said Dan Schroeder, Partner-in-Charge of Information Assurance Services at Aprio. “These reporting standards are industry best practice risk management reporting standards for security, privacy and other operational controls for SaaS and other technology service providers.”
By uniting the broadest set of privileged security capabilities, BeyondTrust’s Universal Privilege Management approach simplifies deployments, reduces costs, improves usability and reduces privilege risks. BeyondTrust’s Endpoint Privilege Management solutions enforce least privilege by removing excessive end user privileges and controlling applications on endpoints using Windows, Mac, Unix or Linux. Its Secure Remote Access solutions allow organisations to increase their service desk capability as well as secure, manage and audit both vendor and internal remote privileged access without the need for a VPN.
ISO 27001
ISO 27001 is a globally recognised standard from the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) mandating numerous controls for the establishment, maintenance and certification of an information security management system (ISMS). Achieving the ISO 27001 standard certifies that BeyondTrust has the requisite information security controls in place to demonstrate its commitment to providing customers with the highest level of information security management.
SOC 2
The American Institute of CPAs’ Trust Service Criteria for SOC 2 compliance require technology service organisations to document customer information concerning security, operational policies, processing integrity and the privacy of customer data. SOC 2 Type 1 reports describe a service vendor’s systems, with attestation of their ability to meet relevant trust principles and controls for storing customer information.