Affirms steadfast dedication to security in third-party review
In a significant move towards reinforcing its commitment to data security and user privacy, Proton, the provider behind one of the best VPN and encrypted email services on the market, has successfully completed a SOC 2 Type II audit. This audit, conducted by Schellman, an auditing firm that specializes in attestation and certification services, is a testament to Proton's robust internal security controls and operational effectiveness.
The SOC 2 Type II audit matters for data security and user privacy because it validates not only the design but also the ongoing operational effectiveness of a company's security controls over an extended period (usually several months). The audit covers critical trust service criteria such as security, availability, processing integrity, confidentiality, and privacy, ensuring that a service provider consistently protects customer data according to rigorous industry standards.
For Proton, successfully completing the SOC 2 Type II audit demonstrates that its security measures are robust and well-implemented in practice, not just theoretical. It shows that its internal controls for protecting user data are effective and consistently enforced. This adds to Proton's credibility, providing third-party, independent assurance that it adheres to strict security policies and procedures.
The SOC 2 Type II attestation strengthens Proton’s position as a privacy-focused provider, complementing its existing certifications such as ISO 27001 and compliance with Swiss data protection laws. This is critical given Proton’s service offering of encrypted email and VPN tools aimed at enhancing privacy.
Proton's Head of Security, Patricia Egger, stated that the SOC 2 Type II attestation demonstrates Proton's operational security. She further added that this attestation signals to businesses that Proton has strong internal controls for data security, which is vital for maintaining customer confidence and helping clients with their own regulatory compliance, such as GDPR.
This is the first time that Proton has achieved the SOC 2 Type II attestation. The successful completion of this audit adds to a growing body of evidence of its commitment to data security and user privacy. It joins Nord Security, the company behind NordVPN, in passing the SOC 2 Type II audit.
Independent audits of no-logs policies are more commonplace, with Surfshark and ExpressVPN both recently having their no-logging claims verified. Proton received its certification for ISO 27001, an international standard for managing information security, in May 2024. The SOC 2 Type II attestation further underscores Proton's dedication to maintaining the highest standards of data security and user privacy.
Technology, such as data and cloud computing solutions, plays a crucial role in Proton's ability to complete the SOC 2 Type II audit, reinforcing its commitment to data security and user privacy. This audit showcases the effectiveness of Proton's technology in implementing and enforcing stringent security controls, thereby enhancing its credibility as a provider in the technology sector.