We are happy to announce that the SaaS deployment of our Application Security Platform has attained both PCI DSS 3.2 Level 2 for Service Providers and SOC 2 Type I compliance. Achieving both of these attestations is an important milestone for the whole Cequence Security team. Compliance matters to us because it matters to our customers.
It was important to us to demonstrate that our operations are compliant by providing certifications you know and trust, PCI DSS and SOC 2. We’ve undergone 3rd party validation of our API and web application security services and operations to assure that organizations can put their trust in us and be confident in the multi-threat protections we deliver.
Each day we rigorously ensure the security, availability, and resilience of our systems. We have implemented policies that follow best-in-class practices for building and managing cloud environments. We hold our employees and our suppliers to the highest ethical and integrity standards, and we regularly review our practices and make improvements whenever needed. We partner closely with our customers and their users in a shared responsibility model which segments the work and responsibility for keeping all of the SaaS implementations secure. We do this because security is at the core of everything we do.
The Cequence Application Security Platform itself is used by customer organizations as a critical part of their own compliance programs. The Cequence platform provides necessary discovery, detection, and protection capabilities needed to defend against attack campaigns on APIs and web applications which could result in data breach or loss of access to the data.
About PCI DSS 3.2
The PCI DSS is an information security standard created by the major credit card companies and managed by the PCI Standards Security council. The PCI DSS sets a baseline of technical and operational requirements needed to protect credit card account information that is shared across systems including card number, verification number, and expiration date. The Cequence systems do not process or store credit card data. However, incoming cardholder data may be decrypted and forwarded on to the client application if it is in the data stream for the protected website.
About SOC 2
Our examination for the SOC 2 Type I was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants. The examination was designed for the purpose of expressing an opinion about whether, in all material respects, the description of the Cequence systems and corresponding security controls is presented in accordance with the SOC 2 description criteria and whether the controls stated therein were suitably designed to provide reasonable assurance that the service organization’s service commitments and system requirements were achieved based on the applicable trust services criteria. The opinion of the Auditor was based on the examination and the procedures performed in the examination were limited to those that were considered necessary.