Internxt Achieves SOC 2 Compliance
Internxt is proud to announce that we have successfully achieved SOC 2 compliance, emphasising our continued dedication to security and privacy.
With this milestone, SOC 2 certifies that Internxt's controls relevant to the security, availability, and processing integrity of users’ data, and to the confidentiality of this information, meet the needs of users.
Being based in Europe, Internxt is also GDPR compliant, giving individuals more control over their personal data and ensuring it is handled lawfully, transparently, and securely.
To meet the security and privacy needs of all industries, Internxt is also ISO 27001 and HIPAA compliant and independently audited.
Through regular audits and compliance reports, Internxt ensures strict information security management and the protection of sensitive data across regulated environments such as healthcare.
Download the full report below.
What is SOC 2 compliance?
SOC 2 (Service Organization Control 2) compliance is a framework used to evaluate how a company protects customer data and manages the systems that process it.
It applies mainly to service providers that store, process, or transmit data on behalf of customers, making it a relevant certification for the cloud storage industry.
SOC 2 focuses on five key principles:
- Security
- Availability
- Processing integrity
- Confidentiality
- Privacy
Once the audit is successfully passed, the final result is a formal report that provides assurance that a company follows defined, audited practices to protect data and reduce security and privacy risks.
Who needs SOC 2 compliance?
SOC 2 compliance is relevant for any organization that provides services where customer or client data is stored, processed, or transmitted digitally.
This includes the following industries:
- Cloud providers and SaaS companies need to prove their systems are secure and reliable.
- Financial technology firms require it to protect sensitive financial information and build trust with customers and partners.
- Healthcare service providers need it to ensure patient data is handled securely and meets privacy expectations to prevent data breaches.
- Payment processors must maintain SOC 2 compliance to protect payment information and prevent fraud.
- IT consulting firms benefit from it by demonstrating that the systems and solutions they manage for clients meet high security and privacy standards.
SOC 2 compliance is essential for any business handling sensitive client information, as it shows accountability, reduces risk, and gives clients confidence that their data is safe.
SOC 2 compliance checklist
To gain SOC 2 compliance, Internxt prepared for the audit by ensuring all necessary controls and processes were in place.
Internxt focused on the following areas expected for SOC 2 compliance.
Security
Security is mandatory for SOC 2 and focuses on protecting systems and data from unauthorized access, which can happen due to ransomware, phishing, or spyware.
Security practices include:
- Establishing strong access controls, including authentication, authorization, and password policies.
- Implementing firewalls, intrusion detection, and monitoring tools to prevent unauthorized system access.
- Maintaining secure system configurations and regularly applying patches and updates.
- Conducting risk assessments and vulnerability scans to identify and address potential threats.
- Developing an incident response plan to detect, respond to, and recover from security events.
Availability
Availability ensures that systems are operational and accessible as agreed with customers. To meet this specification, companies must:
- Implement redundancy and failover mechanisms for critical systems.
- Perform regular system backups and test recovery procedures.
- Monitor system performance and uptime to meet service-level agreements (SLAs).
- Maintain disaster recovery and business continuity plans.
Processing integrity
This focuses on ensuring that system processing is complete, valid, accurate, timely, and authorized. Key checklist items include:
- Implementing controls to prevent unauthorized or incorrect data processing.
- Establishing audit logs and transaction monitoring to track system activities.
- Validating inputs, processing steps, and outputs to ensure accuracy and completeness.
- Reviewing and testing processes regularly to detect errors or discrepancies.
Confidentiality
This ensures that sensitive information is protected according to policies and agreements. Checklist items include:
- Encrypting sensitive data in transit and at rest.
- Controlling access to confidential information based on roles and responsibilities.
- Using secure communication channels for sharing sensitive data.
- Establishing policies and training for employees on handling confidential information.
- Having agreements with third parties to ensure they maintain confidentiality standards.
Privacy
The privacy part of a SOC 2 compliance checklist addresses the collection, use, retention, disclosure, and disposal of personal information.
These items include:
- Maintaining a privacy policy aligned with applicable laws and regulations.
- Limiting the collection of personal data to what is necessary and using it only for stated purposes.
- Providing individuals with access to their data and the ability to correct or delete it.
- Ensuring data retention and disposal procedures comply with policy.
- Conducting employee training on privacy requirements and secure handling of personal data.
Benefits of SOC 2 compliance
Reduced risk of data breaches
A data breach can cost a company millions and expose personal data such as emails, phone numbers, and other personal information.
Data that has been exposed in a data breach can be sold or found on the dark web, which can lead threat actors to target you with ransomware or other cyberattacks.
Commitment to data protection
Achieving SOC 2 compliance adds further verification that we securely manage your data and protect your privacy alongside our Drive, Meet, Mail, and VPN products.
As we are fully open source, you can also verify the security of our platform on our GitHub page: https://github.com/internxt
Reliability
As SOC 2 compliance focuses on maintaining systems that are consistently available and dependable, we ensure that your data is always accessible when you need it.
Internxt stores your data across multiple data centers for increased redundancy, ensuring your files have the best data protection possible.
Risk management
By implementing SOC 2 controls, Internxt establishes formal processes for monitoring systems, logging activities, and responding to incidents, ensuring risks are detected early and managed proactively.
For continuous security, SOC 2 also requires documentation and regular auditing, so potential vulnerabilities are reviewed regularly, as opposed to just once.
Internxt’s commitment to privacy
Future-proof encryption
Internxt is the first cloud storage to use post-quantum cryptography, offering maximum security and privacy for your files. By using this encryption, Internxt protects your files and data against the potential threats of quantum computers, which could break the current encryption that other cloud providers use.
Multiple compliance
By complying with ISO 27001, HIPAA, and SOC 2, Internxt guarantees full security and privacy for personal, business, or enterprise use across multiple industries.
Full product suite
As we continue our mission of transparency through compliance, Internxt is offering the best privacy suite alongside Internxt Drive to ensure you get full security and privacy online.
Through our Essential, Premium, and Ultimate plans, you can choose the perfect plan for you to get everything you need to protect your files and data online.
We also offer Business and S3 plans to meet the needs of small teams or large enterprises to secure their data and protect against data breaches.
All paid plans include backups to protect your files against data loss, file versioning, and an Antivirus to keep your device free from malware.
Premium plans include 3TB of post-quantum encryption plus Internxt Cleaner to free up storage on your device by identifying junk or duplicate files. Once identified, you can delete unnecessary files and potentially boost the performance and speed of your computer.
Finally, Ultimate plans include everything in the Essential and Premium plans, 5TB of storage, Internxt Meet, NAS, and Rclone support.
Visit our website to choose from our annual or lifetime plans, and get full protection online, backed and verified by the leading security standards and compliance regulations.