Threat Detection & DefenseGovernance & Compliance

Verifying Trust: SOC 2 Type II Audit Confirms Effectiveness of Kaspersky’s Security Controls

Reaffirming a Commitment to Robust Cybersecurity Standards

Kaspersky has reaffirmed its commitment to robust cybersecurity standards by successfully completing a Service Organisation Control for Service Organisations (SOC 2) Type II audit. The assessment evaluated the integrity and security of the company’s antivirus database development and release processes and confirmed the reliability of existing safeguards against unauthorised alterations.

As part of ongoing efforts to validate the integrity of its solutions through third-party evaluations, Kaspersky has maintained SOC 2 compliance since 2019. The SOC 2 framework, developed by the American Institute of Certified Public Accountants (AICPA), assesses cybersecurity controls across five principles: security, availability, process integrity, confidentiality, and privacy.

Covering a period from August 2024 to July 2025, the audit reviewed Kaspersky’s workflows relating to the development and implementation of Windows and Unix OS antivirus databases, including the supporting infrastructure, procedures, software, data, and people involved. To evaluate the effectiveness of controls in place, the following tests were carried out:

  • Detailed interviews with relevant stakeholders
  • Operational observations on the implemented controls
  • Examination of applicable documentation
  • Re-performance of manual controls and monitoring activities

As a result of these checks, auditors confirmed that Kaspersky’s antivirus base development services and test and release system meet the SOC 2 standards and are resilient to tampering. A full audit report is available upon request.

“Kaspersky prioritises external validation of its security practices to ensure alignment with global standards and stakeholder expectations,” comments Alexander Liskin, the Head of Threat Research at Kaspersky. “The latest SOC 2 audit underscores the effectiveness of our controls and the integrity of our antivirus database lifecycle.”

These audits are a core element of Kaspersky’s Global Transparency Initiative, designed to build trust through accountability. Complementing SOC 2, the company has achieved ISO/IEC 27001 certification for its information security management system and Common Criteria certifications for its flagship enterprise products, Kaspersky Endpoint Security and Kaspersky Security Center, a control console for enterprise solutions.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *