
Ordr’s SOC 2 Type 2 Certification: Why it’s important and what it means for our customers

As shared in our press release, we're excited to announce that Ordr has successfully achieved SOC 2 Type 2 Compliance.

This is a milestone for Ordr, as we’ve been investing heavily in our security programs and operations since our inception. It also takes a tremendous amount of discipline to get to SOC 2. This SOC 2 certification announcement is a testament to the rigor and diligence in the way we build our product, run our cloud and data center operations, how we protect our IT assets, and how we secure our customer instances on a daily basis.

It gives our customers confidence that we have the proper controls in place to protect their data, and is another example of how Ordr is leading the connected device security market.

 

Why is SOC 2 Important?

With cyberattacks hitting the headlines almost every single day, protecting your data is critical. This includes not only the data that stays within the confines of your technical infrastructure but also data that is “managed” by security vendors.

SOC 2 certification provides attestation that Ordr is meeting the rigorous standards for data protection and security.

What is a SOC 2 assessment?

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data in accordance with five key service principles: security, availability, processing integrity, confidentiality, and privacy.

SOC 2 assessments can be carried out in one of two ways:

  • A SOC 2 Type I assessment attests to the design and implementation of controls at a single point in time.
  • A SOC 2 Type II assessment attests to the design, implementation, and operating effectiveness of controls over a period of time, usually between 3 and 12 months.

In our case, Ordr was certified for SOC 2 Type 2. As part of our SOC 2 Type 2 audit, the assessor validated that our controls were not only designed and implemented, but that they also operated effectively and as intended over the defined period.

While the SOC 2 Type II assessment takes longer to complete, it demonstrates that our commitment to robust information security, and to implementing the controls, systems, and processes that protect sensitive customer data, has been in place for some time now.

 

What criteria did Ordr meet in our SOC 2 assessment?

To complete the audit, Ordr engaged an independent third-party auditing firm, which performed an extensive audit and examination of Ordr Systems Control Engine systems, tools, processes and operations in the following areas:

  • Systems, information, network, and infrastructure security;
  • Secure software development methodologies;
  • Information security policies and procedures;
  • Risk mitigation and incident response;
  • Logical and physical access controls;
  • Employee engagement and training;
  • Cloud and data center operations;
  • Vendor management; and,
  • Customer support.

If you’d like to learn more about Ordr, or understand how we address the problem of connected device security, please follow us on LinkedIn or Twitter, or request a demo here.

About the Author

Pandian Gnanaprakasam has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.