With trust being at the heart of successful business relationships, I’m delighted that Celonis has passed the SOC 2 Type 1 audit – underlining our ongoing investment into guaranteeing the security of our customers’ data, and providing official proof that we’re able to meet the strictest industry standards for security and trust controls as we reach deep into customer data to deliver frictionless processes.
This is great news for our customers. Celonis is the only process mining vendor that is ISO 27001 certified and SOC 2 Type 1 audited. This means unrivalled peace of mind for customers that their data is safe with us. The SOC 2 audit shows and delivers objective proof that Celonis has established processes to safeguard customers’ valuable business data. That’s massively important because data is the catalyst for digital transformation and optimizing your business processes is the key to unlock the value from this data.
And for Celonis, it’s big news too. On top of achieving the already-strict ISO 27001:2015 certification, SOC 2 provides an independently-audited proof point of our commitment to security management, as a key factor in driving our expansion as the leader in process mining to map business processes – and to go beyond this with our new suite of Operational Apps. Why? Because completing the SOC 2 Type 1 audit provides further proof that Celonis delivers world-class security, in adherence with global compliance standards. At the heart of our approach is the Celonis Security & Trust Center. This defines how we have built in security and privacy to everything we do. Of course, SOC 2 isn’t the first official certification for Celonis – in fact, we’ve got a wall full of official certificates, since we’ve already achieved ISO 27001:2015 (information security management), Cloud Security Alliance CSA-STAR Level 1, ISO 9001:2015 (quality management), SOC 2 (secure data management), EU-US Privacy Shield Framework certification, GDPR (data processing) and the automotive industry Trusted Information Security Assessment Exchange (TISAX).
But for us, SOC 2 is the icing on the cake. It underlines that we’re raising the bar - in addition to our industry-leading process mining software, we also aim to be the gold standard in security compliance. And we’ve done that because we recognize the importance of SOC 2 to our customers – especially in North America – where we are fast-tracking our business growth.
SOC 2 is truly a milestone in being able to provide large enterprise customers with the total reassurance that we have all the processes in place to safeguard their valuable business data. This is important in every business relationship, and especially so in business process analysis and automation. This takes a deep look inside a customer’s internal operations – so this new audit continues to provide reassurance to our customers about the steps we take to safeguard their core data.
SOC 2 is a comprehensive reporting framework established by the AICPA, the American Institute of Certified Public Accountants, the world’s largest member association representing the accounting profession. SOC 2 is a standard for the assessment and testing of controls related to system architecture, data flow and processes. Audits confirm that these controls have been designed and implemented to meet the Trust Service Criteria (TSC) specified by the AICPA in three key areas:
● Security – proving that our systems are stringently protected against unauthorized access
● Availability – ensuring that our systems are robust enough to keep on running
● Confidentiality – protecting the valuable information that our customers share with us
It’s a stringent process to achieve a successful SOC 2 examination, and it doesn’t happen overnight. I’m proud of the commitment from a wide team of Celonauts and partners who all played their role in reaching this goal. First, a company is required to put into place compliant processes. Once these are up and running, we underwent an independent Service Organization Control (SOC) 2 Type 1 audit. It’s the attention to detail in this process which ensures that SOC 2 is considered to be the gold standard for data security and governance, going beyond regional legislation such as GDPR and HIPAA.
As I mentioned earlier, security is built into every layer of our platform, and therefore a key reason Celonis was able to pass the SOC 2 Stage 1 audit. Because of our approach, customers can customize security controls to meet their exact needs and standards.
Data security is a topic close to my heart - it reflects our commitment to customers and partners. Passing the SOC 2 examination means peace of mind that we adhere to the highest possible standards in accessing our customers’ critical business data.
For enterprises, transforming business processes starts by sharing data to enable process analysis and optimization. For any organization that is still cautious about process mining, because it allows third-party access to data, SOC 2 provides the highest level of assurance. With SOC 2, there’s no reason for enterprises NOT to start making the most out of their data. The journey starts by optimizing and accelerating core operations to drive operational excellence in efficiency and productivity … show me an organization that would not want to achieve that?
Insights to inbox - Monthly newsletter
Relive the magic and experience the new state of Business Execution.