EMQ Strengthens Its Security Framework with SOC 2 Type II Certification for MQTT Services

Morgan Hill, CA, May 15, 2024 – EMQ, developer of the world’s leading open-source MQTT messaging platform, EMQX, is proud to announce the successful completion of its SOC 2 audit, resulting in the SOC 2 Type II certification. This achievement, conducted by EY, a member of the Big Four international accounting firms, builds on EMQ's previous attainment of the SOC 1 Type II certification. EMQ is the industry's leading service provider with both SOC 1 Type II and SOC 2 Type II certifications. This milestone emphasizes the EMQX Platform's robust internal control management system, providing customers worldwide with unmatched security and compliance assurances.

The SOC Report (System and Organization Controls Report) is a globally recognized standard for evaluating the internal controls and information security of service organizations. It has stringent requirements and a rigorous evaluation process, so obtaining this accreditation demonstrates a strong commitment to internal controls and data security practices. The report serves as proof of a service organization's internal control systems, giving customers valuable insights for selecting services.

The SOC 2 Type II report is issued by a third-party auditor following examinations of the systems and controls related to security, availability, and confidentiality within the EMQX Platform Services System. These examinations adhere to the requirements outlined in the AICPA Statement on Standards for Attestation Engagements (SSAE) No. 18, AT-C 105, 205, and TSP section 100, 2017 Trust Services Criteria. The report includes more than 150 controls across areas like the control environment, information and communication, risk assessment, control activities, and monitoring. It also covers sub-control areas like data security, access control, change management, and system operation, which the auditor thoroughly evaluates.

This SOC 2 Type II report confirms EMQ's adherence to a globally recognized standard for data confidentiality, access security control, and service availability. EMQ's reliable products and services have been embraced by leading cloud services, helping companies like HPE, Ericsson, Volkswagen, GM, Johnson Controls, TSMC, FOXCONN, Verifone, and many others develop IoT platforms and applications. EMQ has a global reach across more than 50 countries, connecting over 100 million IoT devices. Our solutions cater to a diverse user base, making EMQ the preferred choice for developers and DevOps teams to elevate IoT integrations, streamline data connectivity, and optimize distributed messaging.

"The successful completion of the SOC 2 Type II audit is a significant milestone for EMQ, highlighting our unwavering commitment to excellence and security standards. This certification strengthens trust among our global users and showcases our robust security measures,“ said, Dylan Kennedy, CEO of EMQ.

“We strictly adhere to the highest international standards, ensuring compliance with regulatory requirements and safeguarding data privacy at every step.”

In addition to the SOC 2 Type II certification, EMQ has also obtained several prestigious international information security certifications, such as SOC 2 Type I, SOC 1 Type II, TISAX, ISO 20000, and ISO 27001. The SOC 2 Type II Certification Report is another important milestone in our commitment to protecting user data integrity and creating a robust security framework.

EMQ remains steadfast in maintaining the highest information security standards across its portfolio, ensuring maximum customer data protection in the cloud environment. With our integrated suite of security features, you can confidently oversee your data flows while we focus on safeguarding them.

For more compliance information about EMQ, please visit Security & Trust Center.

About SOC 2

The SOC 2 Report (System and Organization Controls 2 Report) is an independent report developed by the American Institute of Certified Public Accountants (AICPA) to audit a service provider's services and internal controls based on the Trusted Service Criteria. This report is detailed, objective, and widely accepted as a globally recognized security audit standard. The SOC 2 report has become a crucial reference for organizations when selecting third-party cloud service providers.