MoEngage Achieves SOC 2 Type 2 and CSA STAR Attestations

  • UPDATED: 08 July 2023
  • 3 min read
article

Reading Time: 3 minutes

At MoEngage, our customers’ information security is our top consideration; we have invested in building services and operational controls to ensure this. Our aim has always been to adhere to the best security practices in the industry so our customers can execute their insights-led engagement strategies.

Today, I am excited to announce that MoEngage has received the SOC 2 Type 2 and CSA STAR attestation. These certifications result from in-depth third-party audits by Accedere that scrutinize the architecture and operations of MoEngage’s SaaS service and infrastructure. These certifications further reinforce our commitment to essential industry principles and best practices.

What Are SOC 2 and CSA STAR Attestations? Why Are They Important?

SOC 2

The System and Organization Controls or “SOC” 2 Report addresses an organization’s controls against the AICPA’s Trust Services Criteria. The SOC 2 Type 2 Report focuses on management’s description of a service organization’s system and the suitability of controls’ design and operating effectiveness.

MoEngage has completed the SOC 2 Type 2 Certification for its SaaS Infrastructure and Services on the following Trust Service Criteria

MoEngage has completed the SOC 2 Type 2 Certification for its SaaS Infrastructure and Services on the following Trust Service Criteria:

  • Security: Follows global best practices for security such as two-factor authentication, encryption, firewall, user identification, and more.
  • Confidentiality: Ensures Customer data is secure on the MoEngage platform through measures such as encryption, access controls, and 2-factor authentication.
  • Availability: Ensures access to the platform through steps to ensure uptime, disaster recovery, and incident management.

CSA STAR

The Cloud Security Alliance Security Trust Assurance and Risk (CSA STAR) Program encompasses fundamental principles of transparency, rigorous auditing, and harmonization of standards.

The Level 2 CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for certified public accountants (CPAs) to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix. The Level 2 CSA STAR Attestation provides for independent third-party assessments of cloud providers.

MoEngage has completed the CSA STAR Level 2 Attestation for its SaaS Infrastructure and Service.

What Do MoEngage’s SOC 2 and CSA STAR Compliance Mean to Our Customers?

Our SOC 2 report reiterates strong internal controls designed and implemented in alignment with the security principles defined in the Trust Services Principles and Criteria for Security. Further, our CSA STAR attestation validates that our cloud security measures meet the criteria outlined in the CSA Cloud Controls Matrix (CCM) Version 4.0.5 control specifications (CCM Criteria).

These industry attestations prove that MoEngage can design, build, and operate a secure, resilient service that brands can rely on for customer engagement. When your security teams evaluate our service design, these certifications validate our ongoing commitment to data security best practices.

How Did We Achieve These Certifications?

Achieving these certifications is not easy and requires a dedicated effort. MoEngage is committed to delivering services at the highest standards, and maintaining industry certifications is key to demonstrating that commitment. Here’s how we achieved these certifications:

A Robust Product

The most important action we took to gain these certifications was to build an excellent service. We have held world-class security and operations practices as fundamental to our delivery model since the beginning. It only took a few minor adjustments and refinements to some of our practices for us to make the grade.

An Awesome Team

As we built our SaaS platform, we also strengthened our product management and engineering teams. Our team has rich experience in SaaS and has helped create some of the most well-known services from reputed companies. By leveraging all that experience and knowledge of best practices, MoEngage fundamentally changes how brands digitally engage with their customers and ensures insights-led customer engagement.

Security Best Practices

MoEngage SaaS Application is listed publicly in the CSA STAR Registry.  While preparing for CSA STAR, we reached out to a third-party auditor to begin the process of evaluating MoEngage’s SaaS Infrastructure and Security practices for SOC 2 compliance. Given our efforts to pass our internal security audit and the CSA STAR attestation, we could quickly complete the submission to our SOC 2 auditor and pass that evaluation.

Recertifying all followed compliances and standards like SOC, CSA STAR, and ISO 27001 is an annual process. We are fully committed to maintaining the operational practices that will allow us to recertify each year efficiently.

Our Continued Commitment to Data Security

In addition, our leadership team remains committed to developing and implementing information security management systems that comply with the highest global data security standards and best practices.

  • We comply with GDPR and CCPA and provide secure authentication and a Single Sign-On option.
  • We are a certified ISO 27001:2013 company with an Information Security Management System (ISMS) set up as per the ISO/IEC 27001:2013 audit conducted by the BSI Group.
  • You can take a look at the commitment to data security here.

Achieving SOC2 compliance was always on the radar, and we are glad to have reached this milestone. We will share more updates as we continue our drive to strengthen our data security and privacy systems.