XM Cyber Achieves SOC 2 Type II Certification for Second Consecutive Year

Cybersecurity Leader Reinforces Its Commitment to Client Data Protection


HERZLIYA, Israel – October 19, 2020 – XM Cyber, the multi-award-winning leader in breach and attack simulation (BAS), advanced cyber risk analytics and cloud security posture management, today announced that, for the second consecutive year, it has achieved SOC (System and Organization Controls) 2 Type II compliance.

This indicates that the company had adequate measures in place to protect its clients’ sensitive data for the period of August 2019-2020. The audit was conducted by EY Israel in compliance with the attestation standards set by the American Institute of Certified Public Accountants (AICPA).

“This certification should give our customers, partners and prospects confidence in our ability to ensure the privacy of their data, as well as that of their own clients,” said Raz Kotler, VP of Customer Operations and CISO, XM Cyber. “Our platform represents the most advanced attack simulation modeling system available for today’s complex networks. We are introducing the next generation of breach and attack simulation.”

SOC 2 Type II is the global standard for secure and confidential information handling for cloud services. A SOC 2-certified partner is required for businesses whose regulators, auditors, compliance officers, business partners, and executives require documented standards. To earn the prestigious Type II classification, companies must undergo rigorous testing of policies and procedures.

“To obtain SOC 2 Type II compliance, companies must pass a strict auditing process that takes into consideration a vendor’s access controls, change management, system operations and risk mitigation. We’ve passed all of these checkmarks with flying colors and are well prepared to keep client data secure against both existing threats and the unknown threats that seemingly arise every day,” added Kotler.

The XM Cyber platform identifies the most important security gaps and prioritizes remediation, providing enterprises with a continuous cycle of security measurement, prioritization and improvement. Unlike BAS companies that focus solely on security control validation, XM Cyber identifies security holes resulting from misconfigurations, vulnerabilities and human error. XM Cyber has been audited and found to meet SOC 2 Type II criteria based on five separate data and storage trust factors: security, availability, privacy, confidentiality, and processing integrity.