Home > Committed To Security: SolarWinds Database Performance Monitor and SOC 2 Type 1

Committed To Security: SolarWinds Database Performance Monitor and SOC 2 Type 1

Security has always been a priority at SolarWinds® Database Performance Monitor (DPM), and we have architected and built our product for security from the beginning, frequently conducting exercises such as third-party penetration tests and code reviews. We are pleased to announce that SolarWinds DPM has successfully completed SOC 2 Type I certification.  The report comes after an intensive (and completely successful) auditing process, and is tangible and transparent proof of our commitment to customer protection. SOC 2 compliance is neither an easy process nor a useless one. Most of us  have worked in companies that were subject to various types of security requirements. What we like most about SOC 2 is that it’s sensible and legitimate: the requirements are both common sense and rigorous types of things you must do to actually be secure. SOC 2 Type 1 attests that the SolarWinds DPM controls were designed and implemented to meet the criteria for Security, Availability, Processing Integrity and Confidentiality. SolarWinds has a dedicated security team, but security involves literally every person at the company. Our security program follows a Risk Management framework, reports directly to the CEO, and is reportable to the board of directors. SOC 2 compliance is just one of several security-related initiatives SolarWinds DPM has completed this year. Other initiatives SolarWinds DPM has undertaken include:
  • A full security-driven cloud infrastructure change to separate our highly sensitive environments from other environments
  • The deployment of Intruder Detection and client MDM solutions
  • Security awareness training for employees and specific OWASP training for all engineers
  • Monthly Internet vulnerability testing
  • A variety of dedicated third-party penetration tests
It’s a lot of work, but it’s often satisfying. It’s rare that a company can pass compliance testing by showing its own product in action! At SolarWinds DPM we use our own solutions to monitor our cloud production services, so when it came time to produce much of the evidence needed for SOC 2 Availability and Processing Integrity criteria we simply showed the same DPM features and systems monitoring outputs our customers see every day. Going forward, SolarWinds DPM will continue on the compliance path for SOC 2 Type II reporting which is based on an assessment after the issuance of the Type I report. The Type II audit validates the strength of our controls over time, and highlights our ongoing commitment to security.
We’re Geekbuilt.® Developed by network and systems engineers who know what it takes to manage today's dynamic IT environments, SolarWinds has a deep connection to…
Read more


#BlackLivesMatter Leon Adato's Twitter avatar
#BlackLivesMatter Leon Adato

Remember how I bragged that *I* (& fellow @solarwinds Head Geeks @ChrystalT87 @PastaOverEther @SQLRockstart.co/7PRejyPtJB

Retweeted by SolarWinds
Adam Bertram's Twitter avatar
Adam Bertram

Check out @SolarWinds #ITTrends Report 2021: Building a Secure Future. It turns out the top three challenges for us… t.co/XWM3CW2VNL

Retweeted by SolarWinds
SolarWinds's Twitter avatar

Am 12. August veranstalten wir den Webcast „Was gibt’s Neues bei SolarWinds – Datenbank-Updates“. Hier geht’s zur A… t.co/O7A5pfQqDR