Ericom Software and ZTEdge Solutions are SOC 2 Type 2 Compliant

SOC 2 Type 2 certification is your assurance that all Ericom Software and ZTEdge solutions, including the Ericom Global Cloud that serves up the ZTEdge Security Service Edge (SSE) platform, Web Isolation and Remote Browser Isolation, deliver privacy and security in accordance with the rigorous standards set by the American Institute of Certified Public Accountants (AICPA).

Going the Extra Mile to Keep Our Customers Secure

Security

Availability

Processing

Privacy

Confidentiality

SOC 2 is a voluntary framework for technology companies that store customer data in the cloud. The framework, developed and administered by the AICPA, defines detailed IT control criteria for proper management of customer data, based on five trust service principles.

SOC 2 also refers to the technical audit process undergone by Ericom Software, conducted by AICPA-certified auditors, that certified the company as compliant.

Finally, Type 2 certification details the operational effectiveness with which our systems support compliance with the trust criteria.

Cloud service providers are not required to be SOC 2 certified. As a provider of Zero Trust secure access solutions, however, Ericom is committed to operating in full accordance with the SOC 2 trust service criteria. Our customers should expect nothing less.

Trust Services Criteria

The Trust Services Criteria (TSC) are control criteria for use in attestation or consulting engagements to evaluate and report on controls over information and systems (a) across an entire entity; (b) at a subsidiary, division, or operating unit level; (c) within a function relevant to the entity’s operational, reporting, or compliance objectives; or (d) for a particular type of information used by the entity. The TSC are classified into the following categories:

Security

The security principle covers how system resources should be protected against unauthorized access to information and its improper disclosure as a result of theft or system abuse. Web app isolation, multifactor authentication, Zero Trust Network Access (ZTNA) and Virtual Meeting Isolation are some of the tools that can be used to prevent such access.

Availability

System availability refers to how accessible a system, product or service is to customers. It is measured against service level agreements (SLAs) or contracts between the company and its customers. Site failover and security incident handling, which can impact availability, are covered under this principle, as is monitoring of network performance.

Processing

This principle covers core product or service performance: delivering complete, valid, accurate, and timely information to the right customer when they need it, through efficient and effective data processing. SOC 2-compliant companies are required to monitor data and implement quality assurance processes to ensure processing integrity.

Privacy

Strict AICPA privacy standards, known as Generally Accepted Privacy Principles (GAPP), govern the collection, use, retention, disclosure and disposal of all personal information. SOC 2-compliant organizations are required to adhere to those standards.

Confidentiality

Confidentiality requirements apply to data for which access is limited to a specific set of individuals or organizations. Confidentiality may be maintained through strict network and application controls such as ZTEdge policy-based controls, as well as data encryption.