
Proton passes its first SOC 2 Type II audit, verifying its business security credentials
SOC 2 Type II is a widely recognized standard for business security. It confirms that robust systems are in place, and that security processes are consistently followed in practice across the organization.
Proton is best known for Proton VPN and Proton Mail, but also provides calendar, storage, password management, and crypto wallet tools. All of these services are covered by Proton's SOC 2 Type II security auditing.
The Service Organization Control (SOC) audit framework tests how providers handle sensitive information, covering both control systems and their implementation. Running the audit demonstrates a commitment to data security, and it's particularly important in areas such as finance, healthcare, and regulated industries where security compliance is critical. In sectors such as these, SOC 2 compliance is a baseline requirement.
The result brings Proton VPN into line with competitors such as NordLayer, NordVPN's business solution, which has also passed a SOC 2 Type II audit and has ISO 27001 certification. Other leading providers like Surfshark and ExpressVPN have not yet run SOC 2 audits, though they do have independent security testing programs which support the claims of their no-logs policies.
Proton's SOC 2 Type II audit was run by Schellman, an independent auditing firm with experience in the technology sector. In preparation, Proton sought to formalize and document its processes and controls across areas including access management, incident response, risk assessment, and system monitoring. Proton reports, however, that this process didn't involve any larger overhaul of its services.
Following this, Schellman inspected how Proton's security controls are implemented across its infrastructure, running technical reviews, assessing documentation, and interviewing staff. At the end of the process, Proton successfully achieved the standard required for SOC 2 Type II validation.
In a statement, Proton's Head of Security, Patricia Egger, said, 'Proton was built on the idea that privacy is a human right – and trust still has to be earned... Proton's SOC 2 Type II attestation proves that our security isn't just technical – it's operational. We meet strict, independently audited standards for how we handle data, systems, and processes.'
And that matches what we've found with Proton's products. Based on our testing, we rate Proton VPN as one of the best VPNs available, noting that it particularly stands out for its advanced security features.
Proton has taken a number of steps to prove the security of its systems. All the firm's apps are open source, meaning that the developer community is free to inspect the codebase and report on any issues or vulnerabilities that could compromise its software. Supporting this, the company has a public bug bounty program that offers rewards of up to $10,000, and the organization also runs regular penetration testing on its services.
In addition, Proton VPN runs an annual third-party audit of its no-logs policy. This is carried out by Securitum, a major security auditing company based in Poland. The third and most recent audit was published in July 2024. Reporting on this, Proton published detailed notes on the questions that Securitum asked and what it found, going beyond the executive summaries that other providers sometimes offer on their audits.
Alongside this, Proton achieved ISO 27001 certification in May 2024. This is an international standard for information security management systems, with best practice standards for managing data security. The firm also has HIPAA support and GDPR and Swiss DPA compliance, meeting further regulatory requirements for business users. We extensively tested the product for our full Proton VPN review and didn't find any evidence of DNS leaks or issues with the product's kill switch feature.
Looking ahead, Proton states that it is committed to increasing transparency, to developing its security infrastructure, and to helping businesses better assess its services. In addition, Proton reports that the results of the SOC 2 report are available for customers on request and that its team will be happy to discuss the findings of the audit.
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
