A short while ago, we gave you an update on our SOC2 compliance journey.
We're happy to tell you that we've passed a small but significant landmark on that road: we've just been become a SOC2 Type I compliant.
For those who haven't read our SOC2 article explaining the difference between SOC2 Type I and II, here's a short summary.
A Type I report is a compliance snapshot. It says that, for a particular date only, an organization was shown to be SOC2 compliant. While getting a Type I report is laudable, the value of it diminishes as the snapshot date recedes into history. The real goal for most organizations is to show SOC2 compliance continuously. That is what a Type II report shows. This type of report covers a period of time and is the one we're working towards.
Working with our auditors, we're aiming for a full Type II SOC2 compliance some time next year. We're looking forward to bringing you the good news of that accomplishment. Meanwhile, we'll continue to share our experiences on our compliance journey.
By the way, we are using our own products to achieve and maintain SOC 2 Compliant status. You can read more in our latest article for Infosecurity Magazine: Meeting SOC 2 Compliance With Your Own Products.
You may also find this article from KernelCare CEO, Igor Seletskiy, useful in your journey of enabling compliance with faster patch management.
KernelCare is a live patching system that patches Linux kernel vulnerabilities automatically, with no reboots. It's used on over 300,000 servers, and has been used to patch servers running for 6+ years. It works with all major Linux distributions, such as RHEL, CentOS, Amazon Linux, and Ubuntu. It also interoperates with common vulnerability scanners such as Nessus, Tenable, Rapid7, and Qualys. To talk with a consultant about how KernelCare might meet your enterprise’s specific needs, contact us directly at firstname.lastname@example.org.