News

[NEWS] Devolutions Achieves SOC 2 Type II Certification

SOC2 compliance achievement devolutions blog
Derick St-Hilaire

Hello there! My name is Derick St-Hilaire, and I’m the Salesforce Administrator here at Devolutions. I’m one of the more experienced employees here at Devolutions, and it has been amazing to see the company and community grow over the years. My primary responsibilities include managing our Salesforce platform, and working closely with our strategic partners and customers. I also oversee the management of Devolutions Force, which is our VIP Advocate Community. Academically, I have a bachelor’s degree in marketing. When I’m not working, I enjoy camping, walking my dog, playing video games, and I’m a huge movie fan — including the Star Wars franchise of course. If you would like to join Devolutions Force, or if you wish to get in touch, then you are welcome to contact me directly at dsthilaire@devolutions.net.

View more posts

We are proud to announce that Devolutions has completed a SOC 2 Type II report which details the management’s description of Devolutions Password Hub (DPH) and the suitability of the design and operating effectiveness of its controls. This report is the result of an exciting journey that gave us the opportunity to improve not only the transparency of our security practices, but also to reach a milestone in the development maturity of our information security program.

About SOC 2 Certification

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is widely recognized as a gold standard for businesses that need detailed information and assurance about the controls at an organization that provides a service processing their data. The deliverable is a report that contains the independent service auditor’s report, the management’s assertion, the system description and the testing results of the security controls. Any control that failed testing either partially or completely is documented in the report.

Devolutions Password Hub SOC 2 Certified

The scope of our audit included the Devolutions Password Hub (DPH) service and related components, Password Hub Core and Lucid. Conducted from October 1 to December 31, 2019, this audit, performed by Ernst and Young LLP, aimed to validate that trust service criteria for security was covered for all dimensions of the service including its control environment, communication and information, risk assessment management, monitoring activities and control activities. Requiring us to test nearly 50 controls, as described in the report, this achievement demonstrates that Devolutions’ commitment to security is applied and enforced to ensure the trustworthiness of our system and products. Our CISO Martin Lemay shared the following thoughts on being SOC 2 certified: “Having passed the testing with flying colors, SMBs using our solutions can rest assured that they are in good hands with Devolutions, and are being provided with the utmost level of security across their organization.”

How to Access the Report

The report is accessible to customers, partners, and anybody interested in learning more about Devolutions Password Hub’s security protocols. To receive the report, simply contact our team by sending an email at ticket@devolutions.net. A SOC 2 report is complex and is intended for an audience that can understand such a document.

Also, given the confidential nature of the information disclosed in the report, we will ask each person requesting a copy of our SOC 2 report to execute a non-disclosure agreement to preserve the confidentiality of its content.

A Deeper Look

Next week we will be publishing an interview with our CISO, Martin Lemay, and our Director of Legal Affairs and Privacy, Guillaume Beaupré, in which they will take a deeper look at the audit process.

Related Posts

Read more News posts