Verifying Trust: SOC 2 Type II Audit Confirms Effectiveness of Kaspersky’s Security Controls
Reaffirming a Commitment to Robust Cybersecurity Standards

Kaspersky has reaffirmed its commitment to robust cybersecurity standards by successfully completing a Service Organisation Control for Service Organisations (SOC 2) Type II audit. The assessment evaluated the integrity and security of the company’s antivirus database development and release processes and confirmed the reliability of existing safeguards against unauthorised alterations.
As part of ongoing efforts to validate the integrity of its solutions through third-party evaluations, Kaspersky has maintained SOC 2 compliance since 2019. The SOC 2 framework, developed by the American Institute of Certified Public Accountants (AICPA), assesses cybersecurity controls across five principles: security, availability, process integrity, confidentiality, and privacy.
Covering a period from August 2024 to July 2025, the audit reviewed Kaspersky’s workflows relating to the development and implementation of Windows and Unix OS antivirus databases, including the supporting infrastructure, procedures, software, data, and people involved. To evaluate the effectiveness of controls in place, the following tests were carried out:
- Detailed interviews with relevant stakeholders
- Operational observations on the implemented controls
- Examination of applicable documentation
- Re-performance of manual controls and monitoring activities
As a result of these checks, auditors confirmed that Kaspersky’s antivirus base development services and test and release system meet the SOC 2 standards and are resilient to tampering. A full audit report is available upon request.
“Kaspersky prioritises external validation of its security practices to ensure alignment with global standards and stakeholder expectations,” comments Alexander Liskin, the Head of Threat Research at Kaspersky. “The latest SOC 2 audit underscores the effectiveness of our controls and the integrity of our antivirus database lifecycle.”
These audits are a core element of Kaspersky’s Global Transparency Initiative, designed to build trust through accountability. Complementing SOC 2, the company has achieved ISO/IEC 27001 certification for its information security management system and Common Criteria certifications for its flagship enterprise products, Kaspersky Endpoint Security and Kaspersky Security Center, a control console for enterprise solutions.



