SOC 2 Compliance with BeyondTrust

SOC 2 Trust Service Principles (TSP) are a set of criteria used to evaluate and assess the controls implemented by service organizations. These principles serve as the foundation for SOC 2 audits and reports. There are 61 criteria and approximately 300 points of focus for Trust Services. Here are the five main Trust Service Principles:

Privacy: Policy dictates the appropriate use, retention, collection, disclosure, and disposal of personally identifiable information (PII).

Security: Measures are in place to protect systems and data against unauthorized access, disclosure, and damage that could jeopardize the system's ability to achieve its objectives.

Confidentiality: Confidential information is safeguarded and secured in accordance with established protocols.

Processing Integrity: System processing ensures accuracy, validity, completeness, and timeliness, maintaining the integrity of customer data throughout data processing.

Availability: Controls are implemented to ensure the availability of information and systems, supporting the operational and strategic objectives of the company and its clients.

Organizations can choose which of the other trust services they’d like to include in the audit. Service organizations are evaluated against these Trust Service Principles to demonstrate their compliance with SOC 2 standards and provide assurance to customers and stakeholders regarding the effectiveness of their controls in these areas.

SOC 3 reports share similarities with SOC 2 Type II, although they are not as extensive or exhaustive in their final presentation. Nevertheless, both SOC 3 and SOC 2 Type II reports draw information from the same source material. SOC 3 reports cater to companies seeking to streamline the level of detail included in the report, enabling them to distribute it publicly while maintaining confidentiality.

The primary purpose of SOC 2 compliance is to maintain a baseline of security that reduces the likelihood of breaches and other security incidents. Passing an SOC 2 Type 2 audit, in particular, can also ensure an organization does not incur fines due to noncompliance.

Since many SOC 2 requirements represent universal cyber risk management best practices, addressing SOC 2 compliance can also help organizations address compliance for other frameworks, such as ISO 27001 and HIPAA.

Finally, achieving SOC 2 compliance can give your customers more confidence in your solutions, particular with regard to competitor vendors who have not earned compliance.

BeyondTrust has successfully completed and demonstrated SOC 2 compliance for multiple products. Our SOC 2 achievements validate that critical service commitments and system requirements are in place, giving customers and partners the peace of mind they need in an enterprise-class cloud service. Our customers can feel confident that we continue to prioritize investments to establish and maintain the highest level of security and compliance for our solution portfolio.

Learn more SOC 2 Compliance for BeyondTrust Products

BeyondTrust provides foundational security that helps our customers reduce risk and achieve compliance with major initiatives, including SOC 2. By addressing identity-based risks and operationalizing privileged access controls, BeyondTrust products support measurable outcomes for advanced workforces.

With BeyondTrust PAM solutions, you can:

• Enforce least privilege across all endpoints, accounts, and identities
• Secure, VPN-less remote access, that includes 2-FA
• Secure management of all privileged credentials (passwords, secrets, SSH keys, etc.)
• Monitor, manage, and audit every privileged session--whether human, machine, employee, or vendor
• Proactively identify identity-based attack vectors and attack pathways