EMQX Dedicated New Feature: Event History is available for private beta test. →

EMQ Reinforces Trust and Security with SOC 1 Type II Certification for MQTT Services

Mar 15, 2024

EMQ Reinforces Trust and Security with SOC 1 Type II Certification for MQTT Services

Morgan Hill, CA, March 11, 2024 – EMQ, developer of the world’s leading open-source MQTT messaging platform, EMQX, is proud to announce its successful completion of the SOC 1 Type II audit, conducted by EY, a prestigious member of the Big Four international accounting firms. This certification underscores EMQ's dedication to upholding a stringent internal control management system for the EMQX platform, ensuring the delivery of secure and reliable services to its worldwide clientele.

The SOC Report (System and Organization Controls Report) stands as a globally recognized authoritative standard for evaluating the internal control and information security of service organizations. Noted for its rigorous requirements, obtaining the SOC certification is a testament to an organization’s commitment to maintaining high security and control standards. It serves as a critical reference for customers in choosing services, widely acknowledged across the globe.

The SOC1 Type II report is awarded by a third-party auditor following an in-depth evaluation of the systems and controls related to the user’s internal control over financial reporting within EMQX’s MQTT Platform Services System. This assessment adheres to the AICPA Statement on Standards for Attestation Engagements (SSAE) No. 18, AT-C 105, 205, and 320. The audit meticulously examines and verifies more than 100 controls across various domains, including Control Environment, Information and Communication, Risk Assessment, Monitoring, Identification and Access Management, Change Management, and Data Backup Management.

Achieving the SOC1 Type II report indicates that EMQX’s MQTT Platform services and its associated internal controls meet rigorous international standards, affirming our commitment to delivering secure and reliable services to our customers.

EMQ’s secure and dependable products and services have been adopted by leading public cloud services globally, assisting renowned companies such as HPE, Ericsson, Volkswagen, GM, Johnson Controls, TSMC, FOXCONN, Verifone, and many others, in developing IoT platforms and applications. Looking ahead, EMQ will continue adhering to the highest information security standards for its products and services, ensuring the safeguarding of customer data in the cloud.

Serving a diverse user base in over 50 countries and enabling connectivity for more than 100 million IoT devices globally, EMQ provides state-of-the-art solutions for digital transformation. Our expertise positions EMQ as the go-to choice for developers and DevOps teams aiming to enhance IoT integrations, improve data connectivity, and optimize performance in distributed messaging environments.

"Securing the SOC1 Type II certification marks a significant milestone for EMQ, demonstrating our unwavering commitment to earning and preserving our customers' trust. This achievement reflects the stringent security protocols we've established to protect their valuable data. In an era where data security is paramount, especially in the IoT sector, we continue to strive for surpassing industry standards. Trust is the cornerstone of EMQ's philosophy, and this certification further validates our dedication to transparency and excellence in service delivery,” stated EMQ CEO, Dylan Kennedy.

Furthermore, EMQ has attained several domestic and international information security-related certifications, including SOC 2 Type I, TISAX, CMMI Level 3, ISO 20000, and ISO 27001, among others. Achieving the SOC 1 Type II Certification Report is yet another critical step in our journey to protect user data security, reflecting our goal and commitment to establishing a high-standard security system. EMQ is also undergoing the SOC2 Type Ⅱ audit, showcasing our commitment to security, availability, and confidentiality of our services, and our determination to meet our customers' expectations for high security standards.

At EMQ, we pledge to deliver a secure, reliable, and trusted MQTT platform and services. Through a combination of technical proficiency, regulatory compliance, and stringent processes, we ensure your data’s protection as we propel your digital transformations. With our integrated comprehensive security features, you can confidently oversee your data flows while we focus on its protection.

For more compliance information about EMQ, please visit Security & Trust Center.

About SOC 1

The SOC1 report, issued in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA), or in accordance with the International Standard on Assurance Engagements 3402, provides management of the service organization, user entities, and the independent auditors of the user entities with information and a service auditor's report related to the service organization’s processes and controls affecting the entity’s internal control over financial reporting. The SOC1 report includes an opinion on the fairness of the system's description, the suitability of the design of the controls to achieve specified control objectives, and, in a type 2 report, the operating effectiveness of those controls.