Horangi HAS announced it has successfully achieved SOC 2 Type II Compliance and Certification, making it one of the first cybersecurity companies in Asia to do so.
Developed by the American Institute of CPAs (AICPA), the SOC 2 compliance framework is internationally recognised as the gold standard for security compliance for Software-as-a-Service (SaaS) companies. It requires companies to establish and follow strict information security policies and procedures encompassing the security, availability, and confidentiality of customer data. Horangi identified shortfalls and introduced the fundamental changes required to strengthen the necessary security controls.
Certification involves a technical auditing process that validates internal control policies and practices, ensuring the organisation is operating in accordance with SOC 2 standards. Organisations are required to demonstrate the effectiveness of their information security control environment for a period of 3 to 12 months. Coalfire, conducting the audit over a 4-month review period for security and confidentiality criteria, concluded that Horangi upheld the essential criteria around secure data management for its cloud security products and services.
The newly acquired SOC 2 certification further bolsters Horangi’s CREST-accredited cybersecurity consulting services and Gartner-recognised Warden cloud security platform after the company was inducted into programs by Singapore’s Infocomm Media Development Authority (IMDA) and Cyber Security Agency of Singapore (CSA) earlier in the year.
Paul Hadjy, CEO and Co-founder, Horangi, said: “Attaining the SOC 2 Type II certification demonstrates Horangi’s dedication to meeting the most rigorous security and confidentiality standards at a time where data breaches and misuse are prevalent. We developed more than twenty policies and implemented new procedures and tools, enhancing our monitoring and security management capabilities according to the stringent prerequisites of the SOC 2 certification. It has been an intense but fruitful year-long endeavour for the Horangi team, and we remain committed to enhancing our services in alignment with evolving industry requirements.”
Horangi leveraged its flagship cloud security platform, Warden, to manage configurations, Identity and Access Management (IAM), and potential vulnerabilities for deployment of these new policies and procedures. This was streamlined by the use of JumpCloud for onboarding, offboarding, access management and monitoring.
“The best practices are built into our daily operations, throughout every team from the technical team to people operations, enabling us to achieve optimal security outcomes for organisations we serve. Constant innovation in alignment with best-in-class practices has been a key facet of our growth strategy, and will continue to drive our success as a cloud security leader in Asia,” added Hadjy.
Horangi Warden currently includes APAC-focused compliance automation that supports standards such as MAS TRM, BNM-RMiT, OJK, and APRA. Support for upcoming standards such as the PDPA in Thailand will be incorporated on a regular basis. Horangi also obtained the Amazon Web Services (AWS) Security Competency and Public Sector Competency earlier in 2021.