Magnolia’s security is officially SOC 2 Type 2 compliant
  • Jan Haderka
    Chief Information and Security Officer (CISO), Magnolia
Jun 21, 2024
--

At Magnolia, maintaining our customers’ security is always our highest priority. That’s why we are pleased to announce the successful completion of our SOC 2 Type 2 audit. This compliance represents yet another milestone in our commitment to delivering the most secure DXP on the market—so you can deliver great digital experiences to your customers without worrying about data security or downtime.

Our complete security package is what makes us the secure DXP of choice for many high-profile customers in heavily-regulated industries such as banking, financial services, government services, biotech or pharma, and why our customers trust us when they release market-sensitive financial information.

What is the SOC 2 Type 2 certification?

SOC stands for System and Organizational Controls, and it’s a framework developed by the American Institute of Certified Public Accountants (AICPA) for the purpose of providing regular, independent verification of the controls that a company has implemented to mitigate information-related risks.

The SOC 2 Type 2 audit verifies that Magnolia’s internal controls, policies, and procedures conform to stringent security and operational standards that demonstrate the suitability of the design and operating effectiveness of its controls relevant to SOC 2 security criteria. SOC 2 defines criteria for managing customer data based on five "Trust Service Criteria":

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

Certification demonstrates a company's ability to not only implement critical security policies but also prove compliance over an extended period. That means that a SOC 2 Type 2 report is an independent verification that customers can trust our security measures.

What is the difference between Type 1 and Type 2?

While a Type 1 report covers an organization’s commitment to information security, the Type 2 report goes a step further. It shows that an organization has not only designed controls, but that those controls operated effectively throughout the determined review period. It can therefore be concluded that the organization is capable of maintaining information security. A Type 1 report offers a snapshot of what the organization can offer in terms of security and does not measure ongoing activity.

A Type 2 report offers a more complete perspective over time, as the organization must monitor and maintain controls throughout the full year. This helps streamline and reinforce policies and procedures among team members on an ongoing basis, and it gives our customers the reassurance that our security policies are always fully in force rather than made to look their best for assessment day.

Of course, we can’t assess this ourselves. Our SOC 2 audit was conducted by leading compliance assessor A-LIGN, a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to help mitigate cybersecurity risks.

Why SOC 2 Type 2 certification matters

Achieving this certification validates the work of not just our security team, but everyone across Magnolia. Security is the heart of everything we do, and I’m so pleased that this has been recognized with this certification.

Of course, we offer a huge range of security features that support this certification. To learn more about our security approach and features, you can see it all on our security page.

About the author

Jan Haderka

Chief Information and Security Officer (CISO), Magnolia

Jan has been developing software since 1995. Since 2000, he has focused on content and knowledge management, playing a key role in Magnolia’s growth. After joining Magnolia as a developer in 2007, he became Head of Support, ran Magnolia’s Czech office, and took on the roles of CIO and CTO. Jan has served as Magnolia’s CISO since 2022.