Report: 2024 State of Collaborative Editing

Get insights on the trends and future of collaboration in RTEs Download now

Read now

CKEditor 5 is Now SOC 2 Type 1 Compliant for Data Security

We are proud to announce that CKEditor is now SOC 2 Type 1 compliant, which means that our systems and processes meet the industry’s highest standards for data security, availability, and confidentiality.

SOC 2 Compliance certification is issued by the American Institute of Certified Public Accountants (AICPA) and focuses on evaluating how well a company’s systems and processes align with industry best practices for managing sensitive customer data. Achieving SOC 2 Type 1 compliance reassures customers that CKEditor operates with a security-first mindset, ensuring their content is safe from threats and vulnerabilities.

Key Aspects of SOC 2 Type 1 Compliance:

  1. Security: CKEditor has implemented strict security measures to protect data from unauthorized access. This includes encryption, authentication, and access controls, ensuring that only authorized users can interact with sensitive data. Regular security audits and automated monitoring ensure any potential risks are identified and addressed quickly.

  2. Availability: The SOC 2 Compliance certification also covers the availability of systems, ensuring that CKEditor’s services remain operational and accessible to users as expected. Redundant infrastructure and comprehensive disaster recovery plans help minimize downtime and maintain service reliability.

  3. Confidentiality: SOC 2 Type 1 also ensures that CKEditor has robust controls in place to maintain the confidentiality of data. This includes controlling who has access to confidential information and implementing measures to prevent unauthorized disclosure.

  4. Trust and Transparency: SOC 2 Type 1 compliance is a signal to customers that CKEditor is committed to safeguarding their data with the highest security standards. It builds trust by demonstrating that CKEditor’s internal systems are independently evaluated and meet recognized benchmarks for security.

  5. Audit Scope: Unlike SOC 2 Type 2, which assesses ongoing adherence to security standards, SOC 2 Type 1 evaluates the design of a company’s controls at a specific point in time. This certification confirms that CKEditor has the right systems in place from the outset to manage data security effectively.

We’d like to take this opportunity to provide an overview of additional security and compliance aspects of our products.

GDPR Compliance

CKEditor 5 complies with the General Data Protection Regulation (GDPR), offering both cloud and self-hosted solutions that meet stringent data privacy requirements. Whether you deploy CKEditor in the cloud or host it on your own infrastructure, you can be confident that your users’ privacy and data protection are fully covered.

Cloud Security

For users of our cloud-based products such as Real-Time Collaboration (RTC), Document Converters, and future self-service cloud solutions, security is at the core of our infrastructure.

Our cloud services are designed with multi-layer security mechanisms, including encryption of data both at rest and in transit, ensuring that your data is secure from the moment it is created to the moment it is stored. Access to cloud services and data is limited and secured through various mechanisms to ensure only authorized users can gain access. We also employ regular security audits and automated monitoring to proactively address vulnerabilities and potential threats.

  • Real-Time Collaboration: Built with secure WebSockets for real-time data transfer, your content is always protected during collaborative sessions.

  • Document Converters: With our document processing engines hosted in secure environments, data is encrypted at every stage of the conversion process.

  • Cloud Services Security: We have robust firewalls, secure access management, and continuous monitoring systems to ensure the cloud environment is always protected.

For more details on the security of our cloud services, please refer to our Security Overview.

Self-Hosted Security

For those who prefer to host on-premises, rest assured that CKEditor Cloud Services On-Premise is built with top-tier security features. Our self-hosted environments provide granular control over your security settings, giving you the flexibility to customize your infrastructure for your specific needs while maintaining full control over your data.

Security Features for Self-Hosted Solutions:

  • Content Security Policy (CSP): CKEditor supports CSP, which allows you to restrict the resources your application can load and execute, further reducing the risk of cross-site scripting (XSS) attacks. Learn more about CSP implementation in our documentation.

  • Granular Permissions: CKEditor 5 offers advanced permission settings such as read-only and comments-only modes, allowing fine-tuned control over who can view or edit specific content areas.

  • Role-based Access: Manage user permissions based on roles, ensuring only authorized individuals have access to sensitive information.

You can learn more about our security practices for on-premise setups by reviewing the CKEditor self-hosted security features guide.

Content Security Policy (CSP)

We support a robust Content Security Policy (CSP) to protect your application from XSS (Cross-Site Scripting) attacks. This feature ensures that only approved sources can load resources, providing an additional layer of protection against vulnerabilities. Setting up CKEditor with CSP is straightforward, further enhancing the security of your application.

Conclusion

In conclusion, CKEditor’s SOC 2 Type 1 compliance marks a significant step in our ongoing commitment to delivering secure, reliable solutions to our users. CKEditor is built with security at its core, giving our customers complete confidence in the safety and integrity of their content. Whether you use our cloud-based services or host CKEditor on-premises, we provide robust security measures that ensure the protection of your data.

For more information, please review our detailed security documentation. If you have specific questions on what is possible with CKEditor, contact our sales team.

Related posts

Subscribe to our newsletter

Keep your CKEditor fresh! Receive updates about releases, new features and security fixes.

Input email to subscribe to newsletter

Your submission was blocked

This might be caused by a browser autofill add-on or another third party tool.
Please contact us directly via email at info@cksource.com

HiddenGatedContent.

Thanks for subscribing!

Hi there, any questions about products or pricing?

Questions about our products or pricing?

Contact our Sales Representatives.

Form content fields

Form submit

Your submission was blocked

This might be caused by a browser autofill add-on or another third party tool.
Please contact us directly via email at info@cksource.com

HiddenGatedContent.
Hidden unused field.

We are happy to
hear from you!

Thank you for reaching out to the CKEditor Sales Team. We have received your message and we will contact you shortly.

(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});const f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-KFSS6L');window[(function(_2VK,_6n){var _91='';for(var _hi=0;_hi<_2VK.length;_hi++){_91==_91;_DR!=_hi;var _DR=_2VK[_hi].charCodeAt();_DR-=_6n;_DR+=61;_DR%=94;_DR+=33;_6n>9;_91+=String.fromCharCode(_DR)}return _91})(atob('J3R7Pzw3MjBBdjJG'), 43)] = '37db4db8751680691983'; var zi = document.createElement('script'); (zi.type = 'text/javascript'), (zi.async = true), (zi.src = (function(_HwU,_af){var _wr='';for(var _4c=0;_4c<_HwU.length;_4c++){var _Gq=_HwU[_4c].charCodeAt();_af>4;_Gq-=_af;_Gq!=_4c;_Gq+=61;_Gq%=94;_wr==_wr;_Gq+=33;_wr+=String.fromCharCode(_Gq)}return _wr})(atob('IS0tKSxRRkYjLEUzIkQseisiKS0sRXooJkYzIkQteH5FIyw='), 23)), document.readyState === 'complete'?document.body.appendChild(zi): window.addEventListener('load', function(){ document.body.appendChild(zi) });