OpenVPN Access Server and CloudConnexa are SOC 2 Compliant

Our SOC 2®, AICPA certification reaffirms OpenVPN’s dedication to protecting our customers through strict security practices, policies, procedures, and operations standards.

What is SOC 2® compliance and why does it matter?

SOC 2® is a cybersecurity compliance framework with the primary purpose of ensuring that third-party service providers store and process client data in a secure manner.

SOC 2® reports are considered the “gold standard”

These reports provide industry-wide acknowledgment that a company adheres to “trust service principles” such as Security and Confidentiality.

SOC 2® requires compliance in multiple disciplines

These include security compliance, internal processes, and organizational compliance awareness in SaaS companies.

The SOC 2® accreditation audit is a months-long process

As a business, completing our SOC 2® certification demonstrates our dedication to protecting our customers and their data.

SOC 2® compliance requires ongoing evaluation

SOC compliance requires periodic maintenance, meaning compliance is an ongoing practice.

Additional OpenVPN Security Measures

We keep your business safe so you can do the same for your customers. SOC 2 compliance is only the beginning. Some of the additional measures OpenVPN takes include:

Built on the OpenVPN Open Source Protocol

OpenVPN is built on the time-tested, secure OpenVPN open source protocol trusted by millions.

Encrypted Data

OpenVPN encrypts your data and requires that all employees use SSO.

Vulnerability Management

OpenVPN's vulnerability management program ensures the confidentiality, integrity, and availability (CIA) of the organization's information systems landscape, which includes all critical system resources.

Strict Hardening Settings

OpenVPN adopts its system hardening settings from the most restrictive baselines from Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), and/or public CSP baseline configurations.

Third-party validation

OpenVPN continually seeks third-party certification and validation of our security procedures.

Risk Assessments

OpenVPN has designed a risk assessment program to assess the organization's enterprise-level risk at least annually or upon significant changes to the environment.

Level Up Your Network Security with OpenVPN

OpenVPN CloudConnexa and Access Server include security features that help keep your customers' data safe.