Centrify Certifies its Protection of Customer Information; Earns SOC 2 Compliance and TRUSTe Privacy Distinction
Independent Auditors Validate that Centrify's Cloud Service and Website Controls Meet the Highest Standards of Trust for Customers; Centrify Achieves Milestone with no Exceptions
March 27, 2013
SUNNYVALE, Calif. — Centrify Corporation, the leader in Unified Identity Services across data center, cloud and mobile, today announced that it has earned two highly respected cloud operations and security distinctions for assuring customer privacy and protection of data. Centrify has undergone a service organization control (SOC) examination of its internal controls over the security, availability and confidentiality of customer data, passing without exception and providing assurance to customers that their data is secure and confidential in the Centrify Cloud Service. Centrify has also earned the TRUSTe Certified Privacy Seal signifying that its privacy statement and associated practices to protect customer data are compliant with the TRUSTe program requirements.
The Centrify Cloud Service is a multi-tenanted service which provides secure enforcement of policies and access controls for mobile device security and SaaS application management while leveraging organizations’ on-premise Active Directory infrastructure. Achieving compliance with important trust services principles in a SOC engagement demonstrates that the Centrify Cloud Service has effective controls in place to meet the established standards for protecting customer and third-party data. The examination, performed by Frank, Rimerman + Co. LLP, a Bay Area CPA firm experienced in SOC examinations, included controls over Centrify’s human resources, communications, risk management, technology, physical security, software development, monitoring, and data archiving and backup.
"A SOC examination is a rigorous test for a company to pass," said Jason Stork, Senior Manager at Frank, Rimerman + Co. LLP. "Centrify has worked hard over an eight-month period to establish strong controls over its cloud operations and effectively implement them. We tested more than 100 controls related to data security, availability and confidentiality and noted no exceptions in these controls from Centrify."
With the TRUSTe Certified Privacy Seal earned and displayed on the Centrify website, customers are assured that both the Centrify Cloud Service and Centrify website meet the TRUSTed Cloud Program Requirements, including transparency and accountability regarding the collection and use of entered personal information. The TRUSTe program covers information that is collected, handled or maintained through the corporate website at http://www.centrify.com/ and the Centrify’s Software-as-a-Service offering at cloud.centrify.com.
"Centrify customers have come to rely on us as a trusted partner within their IT environment, and we are committed to that same level of trust when it comes to our cloud operations," said Adam Wu, Centrify Director of Engineering and Operations, Centrify Cloud Service. "These new certifications assure our customers that we value and have safeguards in place for their data that is operating in our cloud. We are pleased to have met and exceeded the critical standards and controls established for these important distinctions, especially being in an elite group when it comes to SOC 2 compliance with no exceptions."
The SOC 2 report on controls at service organizations uses stringent criteria established by the American Institute of Certified Public Accountants (AICPA). These internationally recognized standards replace the SAS 70 report with outsourced services, addressing technological advances and risks, including cloud services. This comprehensive and independent examination thoroughly investigates and reviews expected practices, verifies these practices are in place, and ensures Centrify meets the high standards set by the AICPA to protect customer and third-party data.
TRUSTe’s mission as an independent third party is to accelerate online trust among consumers and organizations globally through its leading privacy Trustmark and innovative trust solutions. In addition, Centrify complies with the U.S. - E.U. Safe Harbor framework and the U.S. - Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Centrify has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Centrify’s certification, visit http://www.export.gov/safeharbor/.
Centrify provides Unified Identity Services across the data center, cloud and mobile that results in one single login for users and one unified identity infrastructure for IT. Centrify’s solutions reduce costs and increase agility and security by leveraging an organization’s existing identity infrastructure to enable centralized authentication, access control, privilege management, policy enforcement and compliance. Centrify customers typically reduce their costs associated with identity lifecycle management and compliance by more than 50 percent. With more than 4,500 customers worldwide, including 40 percent of the Fortune 50 and more than 60 Federal agencies, Centrify is deployed on more than one million server, application and mobile device resources on-premise and in the cloud. For more information about Centrify and its solutions, call (408) 542-7500, or visit http://www.centrify.com/.
Centrify, DirectAudit, DirectControl and DirectSecure are registered trademarks and DirectAuthorize and DirectManage are trademarks of Centrify Corporation in the United States and other countries.