INFO: Does Venafi support SOC 2 and/or SSAE 16?
SOC 2 is the internet standard Service Organization Control 2 for reporting regarding outsourced tasks and functions. SSAE 16 is the older standard Statement on Standards for Attestation Engagements 16.
Venafi management has provided the following statement as Venafi's official statement regarding support for SOC2 and SSAE 16, as of September 2017:
The intent of an SSAE 16 is to address multiple controls for services organizations that hold customer data. One example would be a business offering Software as a Service, or, SaaS.
That being, our Trust Protection Platform (TPP) is an on-premise solution and an SSAE 16 isn’t applicable.
However, several of our products are beginning to exist within the cloud and we’re in the process of obtaining an SSAE 16 SOC 2 attestation focusing on security, availability, processing integrity, confidentiality.
That process is lengthy and we will notify our customers once obtained.