At Devolutions, in order to provide the safest remote connection and password management solutions on the market, we perform and maintain a wide range of controls to protect confidentiality, integrity, and availability of customer data and services.
As part of our longstanding commitment to security and transparency, we commission multiple third-party audits. The AICPA SOC2 Type-II report is a perfect example of this pledge and focus. This new formal report pertains to Password Hub Business and Password Hub Personal for the period from March 31, 2021, to December 31, 2021. The report covers:
- A description of our security controls.
- A description of the overall effectiveness of our security controls.
- The Auditor’s opinion regarding the suitability of our security controls.
So what’s new in this year’s report? Well, we pushed our control list a little further with some key additions, including:
- Privileged accounts are restricted to authorized personnel; this prevents day-to-day users from accessing privileged information or privileged functions.
- Dual authorization is now required to perform elevated and critical operations.
As a leader in the remote connection and password management industry, we believe it is necessary to include these controls in our report, and invite an external party to review and validate their suitability and effectiveness.
Transparency & Continuous Improvement
While we are very proud to publish the report for another year, we do acknowledge that an exception was noted with our user security training. Specifically, some of our employees who were selected by the Auditor did not complete the required training. As highlighted in Section 5 of the report, when our Management Team learned of this issue, appropriate corrective action was taken to solve the problem and ensure that it does not happen again.
We are openly sharing this with our customers and community because we firmly believe that having a strong commitment to transparency does not only mean sharing positive news and developments. There are rare occasions where we fall short of our high standards and expectations. When this happens, we do not, as the old saying goes, “hide stuff under the rug.” Rather, we disclose the facts, learn from the situation, and make improvements. At Devolutions, full transparency is a core value, not a flexible option!
How to Access the Report
The new AICPA SOC2 Type-II report is available to customers, partners, and any other relevant stakeholders who are interested in learning more about Devolutions Password Hub’s security protocols. To receive the report, please contact our team by sending an email to firstname.lastname@example.org. A SOC 2 report is complex and is intended for an audience that can understand technical documents.
Also, given the confidential nature of the information disclosed in the report, we will ask each person who requests a copy of our SOC2 report to execute a non-disclosure agreement to preserve the confidentiality of its contents.