Latest news with #SOC2


Business Upturn
2 hours ago
Onerep Achieves SOC 2® Type II Compliance
MCLEAN, Va., July 29, 2025 (GLOBE NEWSWIRE) — Onerep, a technology and consumer privacy company, proudly announces successful achievement of SOC 2 (Systems and Organization Controls 2) Type II certification through an independent audit. This milestone signifies full compliance with SOC 2 criteria, and reflects the Onerep team's dedication to strong customer data security practices.

Established by the American Institute of Certified Public Accountants (AICPA), the months-long SOC 2 Type II auditing procedure serves as the industry gold standard for a company's overall cybersecurity hygiene and evaluates its information security controls across five trust service criteria: security, availability, processing integrity, confidentiality, and privacy. The SOC 2 report affirms that Onerep's infrastructure, software, people, data, policies, and operations have been formally reviewed—and validates that the company provides enterprise-level security within its platform.

'As a privacy protection company, safeguarding our customers' information is central to everything we do,' said Dimitri Shelest, CEO, Onerep. 'Earning this certification testifies to our commitment to maintaining the highest data privacy and security standards, giving our customers confidence that their data is safe with us.'

The SOC 2 audit was conducted by Johanson Group LLP, a security and compliance assessment provider trusted by public and private companies across a wide range of industries worldwide. Johanson Group shared the following: 'Congratulations to Onerep for reaching SOC 2 compliance! This achievement reflects your commitment to data security, resilience, and customer trust. We're proud to have played a role in helping your organization hit this milestone. Keep pushing boundaries and inspiring trust!'

About Onerep

Onerep is a digital privacy company specializing in the removal of employee and consumer data from public data brokers and people search sites. The company's technology and approach are trusted by prestigious organizations in the United States, including professional associations, consumer groups, and law enforcement agencies. Onerep's solutions are also working behind the scenes to power privacy features offered by globally recognized brands. Founded in 2015, Onerep seeks to continuously provide the best privacy protection available. For more information, visit .


Associated Press
3 hours ago
AskTuring.ai Closes Oversubscribed Funding Round to Launch Secure Personal AI Platform for Small Businesses and Professionals
SAN DIEGO--(BUSINESS WIRE)--Jul 29, 2025-- today announced the successful completion of an oversubscribed funding round and the upcoming fall launch of its groundbreaking secure platform that is positioned to capture the rapidly growing demand for privacy-first artificial intelligence (AI) solutions that serve users rather than tech giants.

Unlike traditional AI tools that process data in the cloud and use it for training, has created the market's first AI platform that enables users to privately own and control their AI's memory, knowledge, and capabilities. The platform builds a persistent, evolving understanding of each user's unique world through a proprietary patented Semantic Retrieval Augmented Generation (SRAG) technology – all while ensuring that the underlying language models can never train on your personal user data.

'AskTuring is not just another AI tool,' said Neil Senturia, CEO and serial entrepreneur. 'We're delivering what small businesses and professionals have been desperately seeking: a personal research platform that becomes your 'second brain' while giving you complete ownership of your data.'

The platform addresses a critical gap in today's AI landscape. While most solutions lock users into specific verticals like note-taking or document management, creates a unified platform that brings together personal knowledge management, collaborative research, and intelligent document analysis – all with enterprise SOC2 security.

To support its ambitious roadmap, has expanded its leadership team with Guy Reams joining as Chief Operating Officer, bringing extensive experience scaling software companies. 'There's a massive market opportunity for a general-purpose personal AI layer that puts users in control,' said Reams. 'We're creating the platform that finally makes AI work for you and protects your privacy.'

Key differentiators include:

- Complete Data Privacy & Ownership – Users maintain full control over their information with SOC2 compliance and local processing capabilities. The LLM cannot train on your private data.
- Team Collaboration – Multiple team members can work together within secure, shared knowledge bases, making it ideal for law firms, financial advisors, and professional services providers.
- Multi-Modal Intelligence – The platform supports diverse data types and formats, creating comprehensive understanding from documents, presentations, emails, and more.
- Growing Personal Memory – Unlike session-based AI tools, builds persistent, evolving knowledge that becomes more valuable over time.
- Flexible AI Model Support – Users can choose from different AI models while maintaining the same personal knowledge base.

Early adopters include law firms analyzing confidential documents, financial advisors managing sensitive client information, professional sports teams reviewing contracts, educational institutions, and journalists building research databases.

The company will launch with a freemium model featuring document upload limits to drive adoption, with paid tiers offering expanded capabilities including higher document limits, frequent re-indexing, additional AI model support, and advanced collaborative features. The fall launch coincides with growing consumer awareness of AI privacy concerns and increasing demand for alternatives to cloud-dependent services that monetize user data.

About Founded in San Diego, is developing the market's first truly personal AI platform with patented SRAG technology. The platform enables private ownership and control of AI memory, knowledge, and capabilities, making it ideal for knowledge workers and small business teams.


Forbes
6 hours ago
The Executive Illusion: 5 Cyber Threats Boards Think Are Handled (But Aren't)
Nick Ryan is a seasoned cybersecurity expert.

Cybersecurity is a lot like an iceberg. What most executives see—dazzling dashboards filled with metrics, fancy reports, compliance certifications, incident response plans—is just the visible tip. The real cybersecurity risks are often hidden below the waterline, quietly compounding in the assumptions no one questions until an incident forces them to the surface.

Having spent years working with boards and C-suites, I've noticed a pattern: Leaders assume certain risks are under control because they look good on paper. In reality, those same risks are among the most likely to cause business disruption. Here are five of the most persistent cybersecurity illusions that every executive team should question.

1. Third-Party Risk Management

Assumption: Vendor security is handled because the vendor has filled out a questionnaire or sent over a SOC 2 compliance checklist.

Reality: Third-party compromise is one of the most common ways attackers get in—and the least visible to the company that ends up paying the price because you inherit their risk whether you're watching it or not. Consider the massive SolarWinds cyberattack, where attackers hacked the company's software and gained access to its network of businesses and government agencies.

Insight: Just because a vendor says it's secure doesn't mean that it is. Most organizations only check in on vendors annually, if that. That leaves a massive gap. You need to ask: Are we monitoring third parties in something close to real time? If not, you're assuming a level of security that simply isn't there.

2. Compliance Equals Security

Assumption: We're compliant with NIST, SOC 2 or ISO, so we must be secure.

Reality: Compliance frameworks are lagging indicators. They show you what was true at a point in time. That's it. I've been in plenty of audits where someone hands over beautifully written policies and screenshots that prove nothing about whether controls actually work day to day. It can be a house of cards that looks solid from the outside but falls apart under even a little pressure.

Insight: Many organizations that pass compliance reviews would still fail in a real incident because they've never tested those assumptions. Compliance is not the same as resilience. If you treat it as a checkbox, you're just hoping everything will work when it counts.

3. Credential Misuse And Over-Permissioning

Assumption: Because we have multifactor authentication, our employee credentials are secure.

Reality: If an attacker gets one valid credential, they can often move laterally for months before anyone notices. IBM's 'Cost of a Data Breach Report 2024' noted that attackers sit in environments undetected for 204 days on average. That's six months of access while you think everything is fine. One of the biggest problems is over-permissioning. In a lot of smaller organizations, you've got Joey in IT with the keys to everything because it was easier to set it up that way. If Joey's account gets compromised, you have the potential for a catastrophic breach.

Insight: You can't just trust credentials, no matter how strong your MFA is. You need to map out where attackers could go if they get in and limit the damage. Otherwise, you're betting the business on one layer of defense holding up forever.

4. Overconfidence In Incident Response

Assumption: We have an incident response plan, so we're prepared.

Reality: Most incident response plans live in binders or PowerPoint decks that no one has ever practiced. When something actually happens, it's chaos. I've told boards before: In an incident, I'm going to hand you a basketball that's on fire. You can't pass it to someone else. You have to take the shot. And if you've never practiced, you're going to stand there burning your hands while the organization melts down around you.

Insight: Resilience is about muscle memory, knowing exactly what to do when a crisis hits. Have you really tested what happens if you have to take email down for three days? Do your executives know who to call, what to say and how to keep the business running? If the answer is no, you're not ready.

5. Surface-Level Metrics and Dashboards

Assumption: Our metrics and dashboards give us a clear picture of our cybersecurity readiness.

Reality: Most dashboards are filled with point-in-time stats, such as how many phishing emails were blocked or how many vulnerabilities were patched. These numbers look impressive, but they don't tell you what you need to know at the board level for the future: What are our biggest blind spots? What would happen to the business if we were breached tomorrow? I've seen plenty of CISO reports full of counts and percentages that don't connect to any real business risk. As a result, they create a false sense of security.

Insight: Boards need fewer counts and more context. Ask: If this metric changes, what does that mean for us financially or operationally? What's the story behind the number?

Asking Better Questions

If you want to move past the illusion of readiness, start by asking harder questions. Here are three I recommend to every board:

1. If we suffered a ransomware attack tomorrow, what would we lose and how fast could we recover?
2. What's our biggest blind spot?
3. Have we pressure-tested our executive response to a real breach scenario?

These are uncomfortable questions, but that's exactly the point. In a healthy organization, the CEO and board are ultimately accountable for cybersecurity risk, while the CISO is responsible for managing and executing the cybersecurity strategy.

Security isn't just a checkbox exercise to prevent bad things; it's a vital business enabler. It's what keeps the business operating when something goes wrong. If you're confident your risks are handled because you've seen the reports and the plans, take another look. Confidence without evidence is the riskiest assumption of all.


Tom's Guide
5 days ago
Proton passes its first SOC 2 Type II audit, verifying its business security credentials
Proton, which provides VPN and secure mail services, has passed its first SOC 2 Type II audit. Completed in July 2025, this comes in addition to annual third-party security audits of Proton VPN's processes.

SOC 2 Type II is a widely recognized standard for business security. It confirms that robust systems are in place, and that security processes are consistently followed in practice across the organization. Proton is best known for Proton VPN and Proton Mail, but also provides calendar, storage, password management, and crypto wallet tools. All of these services are covered by Proton's SOC 2 Type II security auditing.

The Service Organization Control (SOC) audit framework tests how providers handle sensitive information, covering both control systems and their implementation. Running the audit demonstrates a commitment to data security, and it's particularly important in areas such as finance, healthcare, and regulated industries where security compliance is critical. In sectors such as these, SOC 2 compliance is a baseline requirement.

The result brings Proton VPN into line with competitors such as NordLayer, NordVPN's business solution, which has also passed a SOC 2 Type 2 audit and has ISO 27001 certification. Other leading providers like Surfshark and ExpressVPN have not yet run SOC 2 audits, though they do have independent security testing programs which support the claims of their no-logs policies.

Proton's SOC 2 Type II auditing process was run by Schellman, an independent auditing firm with experience in the technology sector. In preparation, the firm sought to formalize and document its processes and controls across areas including access management, incident response, risk assessment, and system monitoring. Proton reports that this process didn't involve any larger overhaul of its services, however. Following this, Schellman inspected how Proton's security controls are implemented across its infrastructure, running technical reviews, assessing documentation, and interviewing staff. At the end of the process, Proton successfully achieved the standard required for SOC 2 Type II validation.

In a statement, Proton's Head of Security, Patricia Egger, said, 'Proton was built on the idea that privacy is a human right – and trust still has to be earned... Proton's SOC 2 Type II attestation proves that our security isn't just technical – it's operational. We meet strict, independently audited standards for how we handle data, systems, and processes.'

And that matches what we've found with Proton's products. Based on our testing, we rate Proton VPN as one of the best VPNs available, noting that it particularly stands out for its advanced security features.

Proton has taken a number of steps to prove the security of its systems. All the firm's apps are open source, meaning that the developer community is free to inspect the codebase and report on any issues or vulnerabilities that could compromise its software. Supporting this, the company has a public bug bounty program that offers rewards of up to $10,000, and the organization also runs regular penetration testing on its services.

In addition, Proton VPN runs an annual third-party audit of its no-logs policy. This is carried out by Securitum, a major security auditing company based in Poland. The third and most recent audit was published in July 2024. Reporting on this, Proton published detailed notes on the questions that Securitum asked and what it found, going beyond the executive summaries that other providers sometimes offer on their audits.

Alongside this, Proton achieved ISO 27001 certification in May 2024. This is an international standard for information security management systems, with best practice standards for managing data security.
The firm also has HIPAA support and GDPR and Swiss DPA compliance, meeting further regulatory requirements for business users. We extensively tested the product for our full Proton VPN review and didn't find any evidence of DNS leaks or issues with the product's kill switch feature. Looking ahead, Proton states that it is committed to increasing transparency, to developing its security infrastructure, and to helping businesses better assess its services. In addition, Proton reports that the results of the SOC 2 report are available for customers on request and that its team will be happy to discuss the findings of the audit.


Malaysian Reserve
6 days ago
Square 9 Continues Its Dedication to Security and Compliance with Renewed SOC 2 and HIPAA Certification
A Successful SOC 2 Audit Ensures Secure Data Handling for Square 9 Customers

NEW HAVEN, Conn., July 23, 2025 /PRNewswire/ — Square 9 Softworks, a leading AI-powered intelligent information management provider, successfully completed its 2025 SOC 2 audit on July 15th. This accomplishment highlights Square 9's dedication to maintaining the highest standards of data security and operational excellence.

The audit included an in-depth evaluation against SOC's Trust Services Criteria, including Security, Availability, and Confidentiality. Additional criteria were also included for complete HIPAA compliance. This certification provides assurance to both current and prospective Square 9 customers that their information is handled with extreme care and in accordance with industry best practices.

To explore how Square 9 Softworks can help your organization securely and efficiently manage its information, visit

'SOC 2 audits are a globally recognized affirmation of a company's commitment to protecting customer data,' said Steve Young, President and CEO. 'By undergoing this audit, our customers can rest assured that their information is being properly guarded.'

The SOC 2 standards, developed by the American Institute of Certified Public Accountants (AICPA), are designed to ensure organizations protect the assets of their potential and existing customers. SOC 2 reports are globally recognized, affirming that Square 9's infrastructure, software, personnel, policies, procedures, and operations have undergone a formal and comprehensive review.

Square 9's SOC 2 certification enhances the company's reputation and underscores its commitment to providing secure and reliable solutions. Discover more about Square 9 at

About Square 9 Softworks®

Managing information can be hard. Square 9 makes it easy! Square 9 Softworks is an industry-leading provider of an AI-powered intelligent information management platform that removes the frustration of extracting data and enables you to harness the full power of your information. Release your team from repetitive tasks while your work flows freely in areas like accounts payable, order processing, onboarding, and contracts. The Square 9 platform captures your unstructured content, transforms it into clean, searchable data, and securely shares it across your organization to accelerate your decisions and actions.