CYRISMA is now SOC2 Type II compliant! We started the Type II audit process with our partners at Vanta and Johnson Group LLP following our SOC2 Type 1 Compliance in September 2022, and obtained our final SOC2 Type II Compliance report this week. The compliance report reconfirms the effectiveness of CYRISMA’s data privacy and security controls and provides the confidence and assurance to both clients and prospects that we fulfil our service commitments based on the SOC2 trust services principles:
- Availability
- Confidentiality
- Processing Integrity
- Privacy, and
- Security
As a fast-growing cybersecurity SaaS provider, CYRISMA must balance two competing interests – continuing to grow and compete in a cutting-edge technology space while ensuring the security of the highly-sensitive data and workflows that our customers entrust to us. We continually identify and manage security risks that could affect our ability to provide secure services to customers, and take steps to maintain strong defenses at all times, as demonstrated in our SOC 2 audit process.
Our security commitments include (but are not limited to):
- Designing system features and configuration settings with appropriate access controls based on the principle of least privilege access.
- The use of appropriate detection systems to prevent and detect potential cyber attacks originating outside the perimeter of the system.
- Conducting regular vulnerability scans over the system and network, and penetration tests over the production environment.
- Implementing operational procedures for managing security incidents and breaches, including notification procedures.
- Protecting customer data both at rest and in transit with the use of encryption technologies and other security controls.
- Maintaining system availability (for production systems) and ensuring uptime.
Protecting customer data
The SOC2 Type II audit reconfirms CYRISMA’s commitment to protecting customer data. We have well established and vetted policies and procedures for the secure handling of customer data, which is managed, processed and stored based on the highest possible levels of integrity, confidentiality and restricted availability. This covers not only our clients’ and partners’ data, but also the customer data they handle, meaning that all the data passing through the CYRISMA platform remains secure. Access to user and account data – including Personally Identifiable Information (PII) and other data from employees, customers, users (customers’ employees) and other third parties such as suppliers, business partners, vendors and contractors – is controlled through appropriate system permissions as well as ongoing monitoring activities. All employees and contractors of the company are obligated to respect and protect customer data.
Vendor and subservice security controls
In addition to implementing strong data privacy and confidentiality controls internally, CYRISMA also tests vendor security controls and has written agreements with subservice providers to ensure that their security and privacy controls meet the five trust services principles.
What this means for existing partners, customers, and prospective clients
We believe that the SOC2 Type II compliance report will provide continued assurance to our existing customers that we make unrelenting efforts to keep their data secure and protected, both while at rest and in transit. For prospective clients, it serves as proof of our commitment to strong security and data protection practices. Businesses looking to engage with a security-focused and compliant cyber risk management provider can save time on their vetting process by simply referring to the audit report, based on one of the most trusted compliance frameworks today.
Contact us
If you’d like to know about our SOC 2 Type II audit process, please contact us at info@cyrisma.com or call +1 585-326-5829.