Skip to content

Thycotic Achieves SOC 2 Type 2 Compliance

Washington, DC., April 22, 2020 Thycotic, a provider of Privileged Access Management (PAM) solutions for more than 10,000 organizations worldwide, including 25 of the Fortune 100, announced it has successfully completed a Type 2 Service Organization Control (SOC 2) examination for its flagship product Secret Server Cloud, as well as its Privilege Manager Cloud, Privilege Behavioral Analytics, Account Lifecycle Manager, and DevOps Secrets Vault. Thycotic’s portfolio of solutions specializes in alleviating the strain felt by organizations as they secure privileged accounts across the modern enterprise. Schneider Downs & Co., Inc. conducted the audit and found that Thycotic meets the SOC 2 standards for Security and Availability Trust Services Principles with zero exceptions.

A vital industry-standard, SOC 2 compliance assures the security, availability, processing integrity, confidentiality, and privacy of customer data across solutions. SOC 2 reports demonstrate a company’s ability to not only implement critical security policies but also prove compliance over an extended period.

Terence Jackson, CISO of Thycotic, adds, “As a leading security company, it is of great importance for us to not only practice what we preach but to also seek third-party validation to maintain the trust that our customers have bestowed upon us. Completing this audit with zero exceptions highlights our commitment to serving our customers safely and securely.”

“Thycotic is a valued client of our growing SOC practice and we’ve partnered with Thycotic since the inception of their cloud PAM strategy several years ago,” states Daniel J. Desko, Shareholder, Cybersecurity & IT Risk Advisory Services, Schneider Downs. “As a ‘security-first’ company, Thycotic has always demonstrated to us their immense capabilities of building security and trust into their systems from day one. By consistently raising the bar on their already high standards, they make compliance a breeze.” 

SOC 2 Type 2 standards help companies recognize, communicate, and exercise cross-functional value among DevOps and security teams. Thycotic implemented new policies and technologies to fortify its infrastructure and instill security in every phase of product development. Thycotic used this audit as an opportunity to better integrate its security team within its DevOps practices. The internal team used the company’s flagship solution to help with the examination and to also demonstrate Thycotic’s security posture for any ongoing audit.