Saviynt Announces Completion of Key Security Compliance Initiatives

Paresh Patel

Paresh Patel

Cybersecurity Leader

Saviynt recently announced the completion of three key information security compliance initiatives Type 2 SOC 1, Type 2 SOC 2, ISO/IEC 27001, and ISO/IEC 27017 for Saviynt Identity Governance and Cloud Security Solution on both Amazon Web Services (AWS) and Microsoft Azure. Saviynt is committed to the protection of confidentiality, integrity, availability, and privacy of our customer’s data and to their service continuity. Information security is vital in today’s fast-paced world where organizations rely on the security and accuracy of their data. With the ever-increasing use of the cloud, organizations need every advantage they can get to ensure compliance, reduce risk, and improve their agility. These initiatives offer clients confidence that Saviynt’s cloud service on AWS and Microsoft Azure is secure, reliable and trusted. 

ISO 27001:2013

ISO/IEC 27001:2013 is a globally recognized standard for the establishment and certification of an information security management system (ISMS). Achieving certification shows that an organization follows information security best practices and is able to adequately protect your data on both AWS and Microsoft Azure.  This certification specifies security management best practices and controls based on the ISO/IEC 27002 best practice guide. It ensures that our information security management system (ISMS) is fine-tuned to keep pace with changes to security threats, essential in the fast-paced world of IT security.

ISO 27017:2015

Used with ISO/IEC 27001 series of standards, ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services on both AWS and Microsoft Azure by providing guidance for both cloud service providers and cloud service customers. This international standard provides additional cloud-specific implementation guidance based on ISO/IEC 27002, it demonstrates Saviynt’s ongoing commitment with globally-recognized best practices to make cloud services as safe and secure as the rest of the data included in our certified information management system. ISO/IEC 27017 is unique in providing guidance for both cloud service providers and cloud service customers. 

The audit of the ISMS and ISO standards was completed by Schellman & Company, LLC.

Type 2 SOC 1 Report

SSAE 16 also known as the SOC 1 (Service Organization Controls Report) provides a detailed report that focuses on the examination of internal controls for service providers that handle client financial data.  This type of examination demonstrates to clients that their financial information is being handled in accordance with their expectations and with the SSAE 18. 

A Type 2 SOC 1 examination addresses the suitability of a service organization’s controls and implementation on both AWS and Microsoft Azure and how those controls are designed to achieve objectives throughout a period of time. This examination is more comprehensive, providing an opinion on whether the controls that are present over that specified time frame are operating effectively.  

Type 2 SOC 2 Report 

Similar to the SOC 1 examination, the SOC 2 examination is an independent report conducted by a CPA.  Though instead of focusing on the financial aspects of an organization, in the case of Saviynt’s Identity Governance and Cloud Security Solution, it looks at Security, Availability, and Confidentiality on both AWS and Microsoft Azure.  These core areas provide an organization assurance that Information Systems are protected against unauthorized access and unauthorized disclosure of information but can also have the operational availability to consistently deliver service as well as data designated as confidential is appropriately protected to remain this way.  As a Type 2 examination, it also attests that these controls were operating effectively, and covers a specified period of time.

To review a copy of the SOC Independent Service Auditor’s report, customers may contact their Saviynt representative.


FedRAMP authorization is one of the most rigid compliance levels to achieve, including adherence to 325 controls that are based on NIST 800-53 standards, and the coordination and consolidated effort across multiple diverse teams within Saviynt was critical to the success. FedRAMP certification is specifically geared towards streamlining the ability of government entities to utilize cloud services using a “do once, use many times” approach that empowers government agencies to adopt cloud products and services which meet their needs.  It does this by standardizing the assessment, authorization, and monitoring of cloud service offerings which saves different agencies from having to re-assess each time they want to utilize them. Saviynt is certified at the Moderate level which indicates that there are significant controls in place as loss of confidentiality, integrity or availability would result in significant adverse effects to an agency’s assets, finances, or cause individual harm. View Saviynt’s Authorization.

Why Certification Matters

These examinations and certifications are an affirmation of Saviynt’s existing security practices and confirm our commitment to delivering outstanding customer service that bolsters the security and privacy of our clients. Industry certifications such as these allow organizations to get a quick snapshot of the security posture of a product before purchasing which limits the amount of research required to authorize it for use within their business environment. 

About Saviynt

Saviynt’s Identity 3.0 is the innovative, disruptive Identity Governance and Administration solution. We converge IGA, granular application access, cloud security and cloud privileged access into our Intelligent Identity Hub, where we draw the security perimeter at identity and ensure the principle of least privilege with usage analytics. We provide industry’s most comprehensive out-of-the-box continuous compliance controls library and cross-application Separation of Duties (SOD) risk rules for mission-critical applications such as SAP, Oracle Cloud ERP / EBS, Epic, Cerner, Infor, MS Dynamics GP, PeopleSoft, Salesforce and Workday. Saviynt’s governance solution extends security for IaaS providers such as AWS, Microsoft Azure, GCP, Alibaba Cloud, and collaboration or data storage platforms such as Office 365, SharePoint, Box, NetApp and more. Saviynt has recently ranked number #1535 in the Inc 5000 list of America’s Fastest-Growing Private Companies

For more information about Saviynt and its solutions, contact us today or request a demo.

Schedule a Demo

Ready to see our solution in action?
Sign up for your demo today.

Saviynt named a Gartner® Peer Insights™ Customers’ Choice: IGA Learn More >