Thycotic Expands Scope of ISO 27001 and SOC 2 Type II Security Certifications
Washington, D.C., September 29, 2020 — Thycotic, a provider of privileged access management (PAM) solutions for more than 10,000 organizations worldwide, including 25 of the Fortune 100, today announced that it has successfully completed the audit for ISO 27001 and SOC 2 Type II attestations. Compliance with this standard demonstrates Thycotic’s global commitment to a repeatable, continuously improving, risk-based security program. The company’s information security management system was inspected by Coalfire ISO, a certification body for management systems accredited through the ANSI-ASQ National Accreditation Board (ANAB).
The newly expanded scope of the ISO/IEC 27001:2013 certification includes Thycotic’s Information Security Management System (ISMS) and encompasses the in-scope applications, systems, people, and processes that support Secret Server Cloud, Privilege Manager Cloud, Privileged Behavior Analytics, Account Lifecycle Manager, DevOps Secrets Vault, Remote Access Controller, Cloud Access Controller, and Database Access Controller.
Service Organization Control (SOC) 2 reports are based on the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria. SOC 2 Type II is an in-depth examination of a company’s internal control policies and practices over a set period of time. The goal is to assess and validate the implementation of best practices around corporate infrastructure, internal processes, data management, data privacy, and security.
Schneider Downs, a certified, third-party firm, conducted an audit and verified that Thycotic has internal controls in place that meet the Trust Services Criteria for security, availability, processing integrity, and confidentiality, and that they’re operating effectively.
“The ISO 27001 certification and SOC 2 Type II attestation validate our commitment to the protection of our customers’ information,” said Terence Jackson, Chief Information Security and Privacy Officer at Thycotic. “With these under our belt, we are demonstrating to our customers that we have applied appropriate controls throughout both our corporate and production environments to maximize the confidentiality, integrity, and availability of these systems. We are safeguarding our customers’ ‘crown jewels,’ providing additional transparency, and demonstrating the highest standards for securing data.”