Announcing SOC 2 Type 1 Certification for Altium 365
We are pleased to announce that Altium 365 is officially SOC 2 Type 1 certified.
The audit, performed by KPMG LLP, included a review of Altium’s controls related to security, availability, processing integrity, confidentiality, and privacy, based on the Trust Services Criteria (TSC) of the American Institute of Certified Public Accountants (AICPA). The report ensures that the system is designed and implemented to meet the following criteria:
- Security. User entity data is protected from unauthorized disclosure and unauthorized access.
- Information Accuracy. User entity data is protected from unauthorized changes, safeguarding the information's accuracy and completeness.
- Regulatory compliance. Altium has complied with policies, standards, and regulatory requirements relevant to the system.
This achievement marks an important milestone in the deployment of Altium 365. Our team designed Altium 365 to meet the needs of corporate data protection, building in all facets of security: encryption, identity management, role-based access control, and compliance data.
What is SOC 2, and why is it important?
System and Organization Controls (SOC) 2 is a widely recognized attestation of security compliance defined by the AICPA and is considered the standard for ensuring data security and operational maturity. A SOC 2 certification provides valuable information for companies to assess the quality of the security provided by a service such as Altium 365.
Many companies have high requirements for technology vendors, especially SaaS vendors. When we meet with potential customers, they often have many questions about our policies and procedures, including securing data, controlling access, and tracking and responding to incidents. Our SOC 2 certification report provides detailed answers to these questions and facilitates the security approval process with these customers.
What is a SOC 2 Type 1 Report?
During a SOC 2 audit, the auditor validates the presence of the organization's description and the sustainability of the design of control activities against the selected Trust Services Criteria (TSC): security, availability, confidentiality, privacy, and processing integrity. This report will also include management's description of a service organization's system, including service commitments, system requirements, and the suitability of the controls' design.
Where can I get more information about SOC and other compliance topics?
We recommend that you bookmark our Trust Center and visit it often to find out more about SOC and information related to Altium’s security, privacy, and compliance. Our Trust Center Knowledge Base is often updated with the latest information about relevant topics, and your input is valuable to us.
What are the next steps?
We have started working toward our next milestone: achieving SOC 2 Type 2 compliance, which will be based on what we have already attained with our Type 1 certification. Attaining the SOC 2 Type 2 certification will ensure that our customers' trust in us remains intact. Customers should be confident that their data is safe and secure.
A copy of Altium's SOC 2 Type 1 report is available to current and potential users under NDA upon request.