New Certifications Elevate Okta’s Commitment to Transparency, World-Class Security Standards
San Francisco, CA — January 7, 2016 — Okta, the leading provider of identity and mobility management for the cloud and mobile enterprise, today announced new traction with major security compliance standards. The company is pursuing authorization with the Federal Risk and Authorization Management Program (FedRAMP), has obtained ISO 27001 certification for its information security management system, and is the first and only identity-as-a-service company to achieve the Cloud Security Alliance (CSA) Security, Trust, & Assurance Registry (STAR) Level 2 Attestation. Achieving these certifications demonstrates Okta’s commitment to transparency, to providing the highest standards of security and availability to its thousands of customers across regions, and to serving the most regulated and security-conscious industries.
“We believe that cloud and mobile should be synonymous with security,” said David Baker, Okta’s chief security officer. “Every organization should be able to benefit from the accessibility and productivity of the cloud and mobile world without the fear of crippling security and privacy breaches. As we move forward with FedRAMP, and have achieved both ISO 27001, and Level 2 CSA STAR, Okta will continue to effect the most rigorous security standards, enabling the success of our customers across every industry and geography.”
Okta Enters Second Stage of Compliance with FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide, standardized approach to security assessment, authorization and continuous auditing for Federal agencies that want to adopt cloud products and services. FedRAMP authorization will allow government agencies to easily adopt Okta’s identity, mobility and security solutions at scale, knowing Okta meets the highest security standards. Okta is pleased to pursue the FedRAMP authorization under the sponsorship of the Department of Justice.
Global Security Certifications
ISO 27001 is a global information security standard, which sets requirements for the protection and management of information, intellectual property, employee details, and customer data. Certification indicates that Okta exhibits a systematic and ongoing approach to security controls and the protection of sensitive data. To achieve certification, Okta participated in an extensive audit by an independent third-party assessor, which examined the company's overall security best practices, access control, and risk management.
Okta is the first and only identity-as-a-service company to achieve Level 2 CSA STAR Attestation. The CSA STAR program is the first cloud-specific security framework, and Attestation provides customers the assurance of a rigorous third-party independent assessment. STAR Attestation is based on type 2 SOC attestations plus additional Cloud Controls Matrix criteria.