Verifying trust: SOC 2 Type II audit confirms effectiveness of Kaspersky’s security controls

As part of ongoing efforts to validate the integrity of its solutions through third-party evaluations, Kaspersky has maintained SOC 2 compliance since 2019. The SOC 2 framework, developed by the American Institute of Certified Public Accountants (AICPA), assesses cybersecurity controls across five principles: security, availability, process integrity, confidentiality, and privacy.

Covering a period from August 2024–July 2025, the audit reviewed Kaspersky’s workflows relating to the development and implementation of Windows and Unix OS antivirus databases, including the supporting infrastructure, procedures, software, data, and people involved. To evaluate the effectiveness of controls in place, the following tests were carried out:

• Detailed interviews with relevant stakeholders;
• Operational observations on the implemented controls;
• Examination of applicable documentation;
• Re-performance of manual controls and monitoring activities.

As a result of these checks, auditors confirmed that Kaspersky’s antivirus base development services and test and release system meet the SOC 2 standards and are resilient to tampering. A full audit report is available upon request.

“Kaspersky prioritizes external validation of its security practices to ensure alignment with global standards and stakeholder expectations,” comments Alexander Liskin, the Head of Threat Research at Kaspersky. “The latest SOC 2 audit underscores the effectiveness of our controls and the integrity of our antivirus database lifecycle.”

These audits are a core element of Kaspersky’s Global Transparency Initiative, designed to build trust through accountability. Complementing SOC 2, the company has achieved ISO/IEC 27001 certification for its information security management system and Common Criteria certifications for its flagship enterprise products, Kaspersky Endpoint Security and Kaspersky Security Center, a control console for enterprise solutions.