Progress is a publicly traded company (NASDAQ: PRGS) and as such it is required to comply with the Sarbanes–Oxley Act and is audited accordingly.
The Sitefinity platform is certified by an independent third party to comply with the service organization control standards (SOC 2) developed by the Association of International Certified Professional Accountants (AICPA). Compliance with SOC 2 is a testament that Progress has established a comprehensive set of internal procedures and controls to ensure the security, confidentiality and availability of its cloud services and software development infrastructure, increasing the level of trust and confidence organizations have when choosing to rely on Progress services and products.
The Progress SOC 2 certification report for the Sitefinity platform covers the following areas of internal controls:
- Security: helps protect against unauthorized access, use or modification
- Availability: ensures service is available for operation and use as committed or agreed upon
- Confidentiality: ensures confidential information is well protected
Both the Sitefinity Digital Experience Cloud (DEC) and the CMS are covered by SOC 2 controls, but the scope differs because DEC is a cloud service while the CMS is a downloadable product that can be hosted anywhere. Hence, we have created two main areas for certification:
- Covers Sitefinity DEC for the areas of security, availability and confidentiality
- Covers the Sitefinity CMS application development process for IT controls