Magnolia’s security is officially SOC 2 Type 2 compliant
  • Jan Haderka
    Chief Information and Security Officer (CISO), Magnolia
Jun 21, 2024
--
JuneJuly_SOC2 certified-blog

Magnolia’s security is officially SOC 2 Type 2 compliant

Magnolia in just 12 minutes

Why not learn more about what Magnolia can do while you have a coffee?

Watch now

At Magnolia, maintaining our customers’ security is always our highest priority. That’s why we are pleased to announce the successful completion of our SOC 2 Type 2 audit. This compliance represents yet another milestone in our commitment to delivering the most secure DXP on the market—so you can deliver great digital experiences to your customers without worrying about data security or downtime.

Our complete security package is what makes us the secure DXP of choice for many high-profile customers in heavily-regulated industries such as banking, financial services, government services, biotech or pharma, and why our customers trust us when they release market-sensitive financial information.

What is the SOC 2 Type 2 certification?

SOC stands for System and Organizational Controls, and it’s a framework developed by the American Institute of Certified Public Accountants (AICPA) for the purpose of providing regular, independent verification of the controls that a company has implemented to mitigate information-related risks.

The SOC 2 Type 2 audit verifies that Magnolia’s internal controls, policies, and procedures conform to stringent security and operational standards that demonstrate the suitability of the design and operating effectiveness of its controls relevant to SOC 2 security criteria. SOC 2 defines criteria for managing customer data based on five "Trust Service Criteria":

  • Security

  • Availabilty

  • Processing integrity

  • Confidentiality

  • Privacy

Certification demonstrates a company's ability to not only implement critical security policies but also prove compliance over an extended period. That means that a SOC 2 Type 2 report is an independent verification that customers can trust our security measures.

What is the difference between Type 1 and Type 2?

While a Type 1 report covers an organization’s commitment to information security, the Type 2 report goes a step further. It shows that an organization has not only designed controls, but they were operating effectively through the determined review period. It can therefore be concluded that the organization is capable of maintaining information security. A Type 1 report offers a snapshot of what the organization can offer in terms of security and does not measure ongoing activity.

A Type 2 report is a more complete perspective over time, as the organization must monitor and maintain controls throughout the full year. This helps in streamlining and reinforcing policies and procedures among team members on an ongoing basis and gives our customers the reassurance that our security policies are always fully in force rather than made to look their best for assessment day.

Of course, we can’t assess this ourselves. Our SOC 2 audit was conducted by leading compliance assessor A-LIGN, a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to help mitigate cybersecurity risks.

Why SOC 2 Type 2 certification matters

Achieving this certification validates the work of not just our security team, but everyone across Magnolia. Security is the heart of everything we do, and I’m so pleased that this has been recognized with this certification.

Of course, we offer a huge range of security features that support this certification. To learn more about our security approach and features, you can see it all on our security page.

About the author

Jan Haderka

Chief Information and Security Officer (CISO), Magnolia

Jan has been developing software since 1995. Since 2000, he is focusing on content and knowledge management, having played a key role in Magnolia’s growth. After joining Magnolia as a developer in 2007, he became Head of Support, ran Magnolia’s Czech office, and took on the role of CIO and CTO. Since 2022, Jan is serving as Magnolia’s CISO.