We are proud to announce that Devolutions has completed a SOC 2 Type II report which details the management’s description of Devolutions Password Hub (DPH) and the suitability of the design and operating effectiveness of its controls. This report is the result of an exciting journey that gave us the opportunity to improve not only the transparency of our security practices, but also to reach a milestone in the development maturity of our information security program.

About SOC 2 Certification

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is widely recognized as a gold standard for businesses that need detailed information and assurance about the controls at an organization that provides a service processing their data. The deliverable is a report that contains the independent service auditor’s report, the management’s assertion, the system description and the testing results of the security controls. Any control that failed testing either partially or completely is documented in the report.

Devolutions Password Hub SOC 2 Certified

The scope of our audit included the Devolutions Password Hub (DPH) service and related components, Password Hub Core and Lucid. Conducted from October 1 to December 31, 2019, this audit, performed by Ernst and Young LLP, aimed to validate that trust service criteria for security was covered for all dimensions of the service including its control environment, communication and information, risk assessment management, monitoring activities and control activities. Requiring us to test nearly 50 controls, as described in the report, this achievement demonstrates that Devolutions’ commitment to security is applied and enforced to ensure the trustworthiness of our system and products. Our CISO Martin Lemay shared the following thoughts on being SOC 2 certified: “Having passed the testing with flying colors, SMBs using our solutions can rest assured that they are in good hands with Devolutions, and are being provided with the utmost level of security across their organization.”

How to Access the Report

The report is accessible to customers, partners, and anybody interested in learning more about Devolutions Password Hub’s security protocols. To receive the report, simply visit our security portal available from our website and directly download it from there. A SOC 2 report is complex and is intended for an audience that can understand such a document.

Also, given the confidential nature of the information disclosed in the report, we will ask each person requesting a copy of our SOC 2 report to execute a non-disclosure agreement to preserve the confidentiality of its content.

A Deeper Look

Next week we will be publishing an interview with our CISO, Martin Lemay, and our Director of Legal Affairs and Privacy, Guillaume Beaupré, in which they will take a deeper look at the audit process.