CyberArk Earns New SOC 2 Type 2, SOC 3 Certifications for Identity Security Platform

April 30, 2024

NEWTON, Mass. and PETACH TIKVA, Israel – April 30, 2024 – CyberArk (NASDAQ: CYBR), the identity security company, today announced new Service Organization Control (SOC) 2 Type 2 and SOC 3 certifications for its developer and machine identity security SaaS-based products and capabilities. These certifications, based on a trustworthy and reputable framework, help to provide customers and their auditors with a transparent understanding of the controls CyberArk has implemented to support their operations.

The CyberArk Identity Security Platform protects identities and critical assets by enabling Zero Trust and enforcing least privilege with complete visibility, helping ensure that every identity can securely access any resource, located anywhere, from everywhere. CyberArk Conjur Cloud and Dynamic Privileged Access – both components of the CyberArk Identity Security Platform – achieved SOC 2 Type 2 and SOC 3 certification compliance this year:

  • CyberArk Conjur Cloud offers a standardized interface for developer and security teams with developer tools and security controls that are consistent across any cloud or on-prem environment. It integrates with a wide range of DevOps tools, container platforms (Kubernetes), and supports hybrid and multi-cloud environments.
  • CyberArk has also achieved certification for the Dynamic Privileged Access component, part of CyberArk Privileged Access Management and Secure Cloud Access solutions. This component provides isolated, monitored sessions to long-lived systems and elastic cloud workloads.

Other certified solutions include CyberArk Endpoint Privilege Manager, CyberArk Privilege Cloud, CyberArk Remote Access, CyberArk Secure Cloud Access, CyberArk Secure Web Sessions and CyberArk Workforce Identity.

“CyberArk’s ongoing customer commitment is to provide them with the assurance that components of the CyberArk Identity Security Platform align with SOC-2 expected security standards, giving them the confidence that CyberArk is committed to protecting their data,” said Peretz Regev, chief product officer, CyberArk. “CyberArk aims to always be a proven and trusted partner for organizations that look to guard against identity-centric threats.”

SOC reports are standardized reports based on the Trust Services Principles established by the American Institute of CPAs (AICPA). SOC 2 Type 2 certification demonstrates that an independent auditing firm has reviewed, tested and examined CyberArk production services controls to ensure their operation is aligned with expected security standards. A SOC 3 report is a general use report of the SOC 2 reports that outlines a company’s internal controls and details how well they safeguard customer data, specifically for cloud service providers. Both reports evaluated not only how CyberArk safeguards customer data, but also how well those controls operate.

The SOC 2 and SOC 3 examinations were conducted by A-LIGN ASSURANCE (“A-LIGN”), an independent auditing firm, in accordance with the American Institute of Certified Public Accountants (AICPA).

To learn more about CyberArk’s security, reliability, privacy and compliance policies, please visit the CyberArk Trust Center.

About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit, read the CyberArk blogs or follow on LinkedInTwitterFacebook or YouTube.