oak9 Achieves SOC2 Type II Certification, Validating Automation-First Strategies


Third-party auditor confirms for customers that oak9 maintains mature security practices

oak9 Security as Code dashboard with AICPA SOC2 Certification Seal


In today’s dangerous cyber landscape, more organizations are dealing with security incidents due to third-party vendors. This means the bar needs to be raised for security companies that aim to provide best practices and assure their customers.

oak9, a leader in infrastructure-as-code (IaC) security, has achieved SOC 2 Type II certification to validate its high level of maturity in internal security practices, business practices, resiliency, and privacy. System and Organization Controls (SOC) 2 is defined by the American Institute of Certified Public Accountants and widely adopted across several sectors.

More than 300 requirements were met for oak9 to become SOC 2 certified. The process included an extensive examination, by a professional third-party auditor, of oak9’s controls, practices, org charts, and business processes, their effectiveness and value, and more.

“Our strategy around security processes and controls is automation-first, development-first — just like our product strategy,” said Aakash Shah, Co-Founder and CTO at oak9. “We practice what we preach to our customers. Our core capabilities around automation and development allowed us to get through the SOC 2 assessment without significant efforts. The oak9 Security-as-Code (SaC) platform also supports SOC 2 standards, so users can be compliant just as easily as we are.”

Reliance on automation makes assessment against change management controls easy. Every change has a history of auditing, review, and approval, which allows oak9 to demonstrate compliance and, more importantly, to show that good practices lead to good outcomes and meet the business objectives around security, availability, processing integrity, confidentiality, and privacy.

oak9 works with auditors and others in the industry to modernize and evolve SOC 2 so that it keeps up with forward-looking, modern development practices. The company also follows best practices from the Open Web Application Security Project (OWASP) and Cloud Security Alliance (CSA).

Learn more about oak9’s security best practices, which help protect customers’ organizations.

About oak9
oak9 secures cloud native infrastructure for developers. oak9 Security as Code continuously finds, analyzes, and remediates security and compliance issues in real time, as changes occur in infrastructure as code (IaC) and deployed cloud workloads. oak9’s proprietary Security as Code (SaC) blueprints support 20-plus compliance standards out of the box, including HIPAA, HITRUST, PCI, SOC2 and ISO27001. oak9’s open-sourced Security as Code also enables security engineers to extend oak9 security blueprints for additional guard rails. Headquartered in Chicago, oak9 is a Built in 2022 Start-up to Watch backed by investors Menlo Ventures, HPA, Cisco Investments, and Morgan Stanley’s Next Level Fund. oak9 partners with HashiCorp, AWS, and Microsoft, and actively supports the Cloud Security Alliance (CSA) and Open Web Application Security Project (OWASP). Keep in touch with oak9 on LinkedIn, Twitter, YouTube, and TikTok, or visit oak9.io.

Contact Author

Matt McLoughlin