EmpowerID is proud to announce that we have achieved SOC 2 Type II compliance in accordance with the American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations, also known as SSAE 18. This achievement, with an unqualified opinion, stands as a testament to our commitment to providing enterprise-level security for our customers' data.
As an Identity and Access Management (IAM) solution provider, we recognize the critical nature of the data entrusted to us by our clients. This certification underscores our commitment to maintaining the highest standards of security and compliance in our industry. It serves as an independent validation of our robust security practices, designed to safeguard the confidentiality and integrity of our customers' sensitive information.
What SOC 2 Type II Certification Means
SOC 2 Type II compliance is a rigorous auditing process that evaluates an organization's controls over a period of time, ensuring they meet the trust service criteria for security, availability, processing integrity, confidentiality, and privacy. This certification is crucial for organizations like EmpowerID that operate in the cloud and handle sensitive data, as it provides assurance to customers and stakeholders about the robustness of our security practices.
SOC 2 Type I vs. Type II: What’s the Difference?
Understanding the difference between SOC 2 Type I and Type II is essential for appreciating the significance of this certification. SOC 2 Type I assesses the design of security processes at a specific point in time, ensuring that the necessary controls are in place. In contrast, SOC 2 Type II goes a step further by evaluating the operational effectiveness of these controls over a period of time, typically six months to a year. This continuous assessment provides a more comprehensive view of an organization's security posture, demonstrating consistent and reliable application of security controls.
Security as a Core Value
At EmpowerID, security is ingrained in our company values and principles. Here’s how we ensure the highest standards of security across our operations:
People Security:
- All employees and contractors undergo comprehensive background checks.
- Confidentiality agreements are mandatory for everyone with access to sensitive information.
- Regular security training and testing are conducted to keep our team updated on the latest security practices and threats.
Secure Development Lifecycle:
- Our development processes adhere to secure development lifecycle principles.
- Security requirements are incorporated into all new projects and major changes.
- Annual secure development training is provided to all relevant team members.
Comprehensive Secure Testing:
- Regular third-party penetration testing and vulnerability scanning are conducted.
- New systems are thoroughly scanned before deployment.
- Both static and dynamic application security testing are integral to our development process.
Robust Cloud Security:
- Our cloud platform uses a multi-tenant architecture with complete customer isolation.
- Data encryption is enforced both at rest and in transit.
- Role-based access controls and least-privilege access principles are strictly implemented.
Independent Validation by Prescient Assurance
Our SOC 2 Type II audit was conducted by Prescient Assurance, a leader in security and compliance attestation. Prescient Assurance’s rigorous audit process affirms that EmpowerID’s security practices meet the highest industry standards. For more information about Prescient Assurance, visit the Prescient Assurance website.
Commitment to Compliance
EmpowerID is dedicated to providing secure products and services that safely manage millions of digital identities worldwide. Our SOC 2 Type II certification, along with other certifications, demonstrates our ongoing commitment to security and compliance.