SANTA CLARA, CA—Jan. 22, 2020— Tuya Smart, a leading global IoT development platform, today announced that it has officially obtained the SOC 2 Audit Report through an independent assessment completed by EY in order to ensure user network security and protect user privacy. SOC 2 is an auditing procedure that ensures service providers securely manage data to protect the interests of an organization and the privacy of its clients. For security-conscious businesses, SOC 2 compliance gives brands peace of mind when it comes to considering a SaaS provider.

Information security and privacy management is a reason for concern for all organizations, including those that outsource key business operations to third-party vendors (e.g., SaaS, cloud-computing providers). Mishandled data—especially by application and network security providers—can leave enterprises vulnerable to attacks, such as data theft, extortion, and malware installations. Tuya is committed to ensuring device safety and data privacy and the SOC 2 compliance will give their customers extra reassurance on top of the other security and data privacy regulations and guidelines that Tuya already adheres to, such as compliance with GDPR and the CCPA, ISO certifications, constant improvements following third-party penetration testing, and bug bounty programs.

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 defines criteria for managing customer data based on the trust service principles. The specific Trust Service Principles must be met in order to achieve consolidated auditing requirement:

-Security: The system has controls in place to protect against unauthorized access (both physical and logical).

-Availability: The system is available for operation and use as committed or agreed.

-Confidentiality: Information that is designated as “confidential” by a user is protected.

-Privacy: Personal information is collected, used, retained, and disclosed in accordance with the operation’s privacy notice and principles set by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).

“We, as well as industry security experts, believe that the objectivity and independence of third-party security certification, qualifications, audits, and reports have become an important basis for large multinational companies to choose cloud service providers,” said Fritz Werder, General Manager for Tuya North America. “With the increasing global personal data and privacy protection laws getting stricter, auditing reports, certifications, and third-party validations will continue to be important as companies like ours strive to keep improving with the times.”

Tuya has achieved a comprehensive validation with the SOC 2 Type II Report and has proven that Tuya’s system infrastructure, data operation security, and organizational protection measures are designed to keep their clients’ sensitive data secure. When it comes to working with the cloud and related IT services, such performance and reliability is absolutely essential and increasingly required by regulators, examiners, and auditors.

About Tuya Smart

Tuya Smart is a leading global IoT development platform with a unique, all-in-one offering of cloud + connectivity + app that makes it easy and affordable for brands, retailers, and OEMs to make their products smart. Tuya’s platform has smart-enabled more than 250,000 product SKUs in hundreds of categories worldwide, serving over 260,000 developers globally. Tuya is internationally operated with headquarters in the U.S., Germany, India, Japan, Colombia, and China.

For more information, please visit: Tuya's website, LinkedIn, Facebook, Twitter or YouTube.