Horangi, a Singapore-headquartered cybersecurity company which provides security solutions optimised for cloud-based organisations across Southeast Asia, has announced that it has successfully achieved SOC 2 Type II Compliance and Certification, making it one of the first cybersecurity companies in Asia to do so.
This is a testament to Horangi’s ongoing dedication to advancing the maturity of its security program, and reaffirms its ongoing commitment to meeting trust services criteria in information and data security, the company said. Developed by the American Institute of CPAs (AICPA), the SOC 2 compliance framework is internationally recognised as the gold standard for security compliance for Software-as-a-Service (SaaS) companies.
It requires companies to establish and follow strict information security policies and procedures encompassing the security, availability, and confidentiality of customer data. Horangi invested efforts into identifying shortfalls and introducing fundamental changes at the company to strengthen necessary security controls.
Paul Hadjy, CEO and Co-founder, Horangi, said: “Attaining the SOC 2 Type II certification demonstrates Horangi’s dedication to meeting the most rigorous security and confidentiality standards at a time where data breaches and misuse are prevalent. We developed more than twenty policies and implemented new procedures and tools, enhancing our monitoring and security management capabilities according to the stringent prerequisites of the SOC 2 certification. It has been an intense but fruitful year-long endeavour for the Horangi team, and we remain committed to enhancing our services in alignment with evolving industry requirements.”
Certification involves a technical auditing process that validates internal control policies and practices, ensuring that the organisation is operating in accordance with SOC 2 standards. Organisations will be required to demonstrate the effectiveness of their information security control environment for an extended period of in the range of 3 to 12 months. Coalfire, who conducted the audit over a 4-month review period for security and confidentiality criteria, concluded that Horangi has upheld the essential criteria around secure data management for its cloud security products and services.
The newly acquired SOC 2 certification further bolsters Horangi’s CREST-accredited cybersecurity consulting services and Gartner-recognised Warden cloud security platform after the company was inducted into programs by Singapore’s Infocomm Media Development Authority (IMDA) and Cyber Security Agency of Singapore (CSA) earlier in the year.
Horangi leveraged its flagship cloud security platform, Warden, to manage configurations, Identity and Access Management (IAM), and potential vulnerabilities for deployment of these new policies and procedures. This was streamlined by the use of JumpCloud for onboarding, offboarding, access management and monitoring.
“The best practices are built into our daily operations, throughout every team from the technical team to people operations, enabling us to achieve optimal security outcomes for organisations we serve. Constant innovation in alignment with best-in-class practices has been a key facet of our growth strategy, and will continue to drive our success as a cloud security leader in Asia,” added Hadjy.
Horangi Warden currently includes APAC-focused compliance automation that supports standards such as MAS TRM, BNM-RMiT, OJK, and APRA. Support for upcoming standards such as the PDPA in Thailand will be incorporated on a regular basis. Horangi also obtained the Amazon Web Services (AWS) Security Competency and Public Sector Competency earlier in 2021, positioning it well to maintain its leading market position and magnifying the effectiveness of its solutions in a rapidly digitalising economy.