- Proton announced its success of a type II SOC2 audit
- The rigorous audit checks the appropriate implementation of security controls
- This is additional proof that Proton can help companies comply with compliance
Proton AG has announced its completion of another independent audit, also demonstrating the gravity with which it takes data security and user confidentiality.
Completed in July 2025, this is the first time that the supplier behind Proton confidentiality tools, which includes one of the best VPNs and E -mail services encrypted on the market, obtained the SOC2 Type II certificate. However, this adds to the growing number of third -party audits that the Swiss company has suffered.
The external audit, led by Schellman, included interviews and documents of documents to determine that the internal security controls of Proton are properly implemented.
What is type II SOC2 and why is it important?
SOC2 Type II is a recognized standard of compliance that assesses how a company manages customer data.
More than checking that a company has specific security checks, it assesses their effectiveness over a long period of time, generally several months.
The independent third party audit was produced by Schellman, an audit firm specializing in certificate and certification services.
Proton ended a type II SOC 2 certificate.July 22, 2025
The realization of the SOC2 type II audit shows that the proton has not only solid safety measures in place, but follows them regularly.
“The SOC 2 Type II certificate of Proton proves that our security is not only technical – it is operational,” said Proton security manager Patricia Egger, in a press release on the Proton website.
The news reports to companies that Proton has solid internal controls for data security. This also helps them meet their own compliance requirements, such as GDPR, and trust that sensitive data is managed in a responsible manner.
An increasing assembly of proof of proton safety
An increasing number of technological companies submit their systems to independent audits to provide transparency and promote confidence.
With type II SOC2 audit, Proton went further than most. He joined Nord Security, the company behind NordVPN, whose Nordpass and Nordlayer products have passed the same audit.
The latest Proton audit adds to an increasing set of evidence of its commitment to data security and the confidentiality of its users. He followed Proton receiving his ISO 27001 certification in May 2024, an international standard for managing information security.
Proton VPN also had its non-logs policy, which was independently audited by SECURITUM in July 2024. The independent audits of non-lugarithm policies are more common, with Surfshark and ExpressVPN which have also recently verified their complaints without commitment.
