At MoEngage, our customers’ information security is our top consideration; we have invested in building services and operational controls to ensure this. Our aim has always been to adhere to the best security practices in the industry so our customers can execute their insights-led engagement strategies.
Today, I am excited to announce that MoEngage has received the SOC 2 Type 2 and CSA STAR attestation. These certifications result from in-depth third-party audits by Accedere that scrutinize the architecture and operations of MoEngage’s SaaS service and infrastructure. These certifications further reinforce our commitment to essential industry principles and best practices.
The System and Organization Controls or “SOC” 2 Report addresses an organization’s controls against the AICPA’s Trust Services Criteria. The SOC 2 Type 2 Report focuses on management’s description of a service organization’s system and the suitability of controls’ design and operating effectiveness.
MoEngage has completed the SOC 2 Type 2 Certification for its SaaS Infrastructure and Services on the following Trust Service Criteria:
The Cloud Security Alliance Security Trust Assurance and Risk (CSA STAR) Program encompasses fundamental principles of transparency, rigorous auditing, and harmonization of standards.
The Level 2 CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for certified public accountants (CPAs) to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix. The Level 2 CSA STAR Attestation provides for independent third-party assessments of cloud providers.
MoEngage has completed the CSA STAR Level 2 Attestation for its SaaS Infrastructure and Service.
Our SOC 2 report reiterates strong internal controls designed and implemented in alignment with the security principles defined in the Trust Services Principles and Criteria for Security. Further, our CSA STAR attestation validates that our cloud security measures meet the criteria outlined in the CSA Cloud Controls Matrix (CCM) Version 4.0.5 control specifications (CCM Criteria).
These industry attestations prove that MoEngage can design, build, and operate a secure, resilient service that brands can rely on for customer engagement. When your security teams evaluate our service design, these certifications validate our ongoing commitment to data security best practices.
Achieving these certifications is not easy and requires a dedicated effort. MoEngage is committed to delivering services at the highest standards, and maintaining industry certifications is key to demonstrating that commitment. Here’s how we achieved these certifications:
The most important action we took to gain these certifications was to build an excellent service. We have held world-class security and operations practices as fundamental to our delivery model since the beginning. It only took a few minor adjustments and refinements to some of our practices for us to make the grade.
As we built our SaaS platform, we also strengthened our product management and engineering teams. Our team has rich experience in SaaS and has helped create some of the most well-known services from reputed companies. By leveraging all that experience and knowledge of best practices, MoEngage fundamentally changes how brands digitally engage with their customers and ensures insights-led customer engagement.
MoEngage SaaS Application is listed publicly in the CSA STAR Registry. While preparing for CSA STAR, we reached out to a third-party auditor to begin the process of evaluating MoEngage’s SaaS Infrastructure and Security practices for SOC 2 compliance. Given our efforts to pass our internal security audit and the CSA STAR attestation, we could quickly complete the submission to our SOC 2 auditor and pass that evaluation.
Recertifying all followed compliances and standards like SOC, CSA STAR, and ISO 27001 is an annual process. We are fully committed to maintaining the operational practices that will allow us to recertify each year efficiently.
In addition, our leadership team remains committed to developing and implementing information security management systems that comply with the highest global data security standards and best practices.
Achieving SOC2 compliance was always on the radar, and we are glad to have reached this milestone. We will share more updates as we continue our drive to strengthen our data security and privacy systems.