• Mar 4, 2026

Magnolia’s security is officially SOC 2 Type 2 compliant

Key insights

  • Magnolia has successfully completed the SOC 2 Type 2 audit, conducted by A-LIGN.

  • This certification provides independent verification that our security, availability, and data protection controls are operating effectively over time.

  • We embrace modern "continuous compliance" and rigorous vendor risk management to protect against evolving supply-chain and AI-related threats.

  • Customers in highly regulated industries (finance, healthcare, government) can trust Magnolia’s DXP to deliver secure, reliable digital experiences without compromising compliance.

At Magnolia DXP, safeguarding our customers’ data is our highest priority. That’s why we are proud to announce the successful completion of our SOC 2 Type 2 audit.

This milestone reinforces our commitment to delivering the most secure Digital Experience Platform (DXP) on the market. With Magnolia DXP, you can focus on building incredible digital experiences for your customers, knowing that your data security and system uptime are actively protected.

Our comprehensive security posture is exactly why high-profile organizations in heavily regulated industries—such as banking, financial services, government, and biotechnology and pharma—choose Magnolia DXP. When our customers release market-sensitive information or handle critical user data, they do so with absolute confidence.

What is the SOC 2 Type 2 certification?

SOC 2 (System and Organization Controls 2) is a rigorous compliance framework developed by the American Institute of Certified Public Accountants (AICPA). It is designed to provide regular, independent verification of the internal controls a company uses to mitigate information-related risks.

Specifically, a SOC 2 audit evaluates a technology service provider's ability to manage customer data based on five core Trust Services Criteria:

  • Security: Protection of system resources against unauthorized access.

  • Availability: Accessibility of the system, products, or services as stipulated by a contract or SLA.

  • Processing integrity: Delivery of complete, valid, accurate, and timely data processing.

  • Confidentiality: Protection of confidential information through restricted access.

  • Privacy: Secure collection, use, retention, and disclosure of personal information.

Achieving SOC 2 Type 2 certification demonstrates that Magnolia DXP not only has critical security policies in place but can also prove their operational effectiveness over an extended period.

SOC 2 Type 1 vs. Type 2: What is the difference?

When evaluating software vendors, it is important to understand the distinction between the two types of SOC 2 reports:

  • SOC 2 Type 1 (The Snapshot): This report evaluates an organization’s cybersecurity controls at a specific point in time. It verifies that the design of the security measures meets compliance standards on assessment day, but it does not measure ongoing activity.

  • SOC 2 Type 2 (The Marathon): This report goes a crucial step further. It proves that an organization's controls were not just designed correctly, but were operating effectively over a sustained review period (typically 6 to 12 months).

By achieving a Type 2 certification, Magnolia DXP provides continuous reassurance that our security policies are strictly enforced year-round—not just polished up for a single assessment day.

Meeting the modern security standard: Continuous compliance

The cybersecurity landscape evolves rapidly, and the expectations for SOC 2 compliance have never been stricter. Today, passing a SOC 2 Type 2 audit requires more than just a point-in-time checklist; it requires dynamic, real-time security. Our recent certification reflects our adherence to the most modern auditing standards:

  • Continuous monitoring: We don't just prepare for an assessment day. Magnolia DXP utilizes continuous compliance monitoring to ensure our security controls are active, effective, and functioning under real-world conditions 24/7/365.

  • Strict Vendor Risk Management: With supply-chain attacks on the rise globally, modern SOC audits heavily scrutinize third-party dependencies. Our certification verifies that we rigorously evaluate and monitor our own vendors, ensuring our entire ecosystem remains airtight.

  • Future-proof data governance: As new technologies like generative AI reshape the digital landscape, our robust change management and logical access controls ensure your data remains protected against emerging attack vectors and privacy concerns.

  • Annual re-certification: Security is an ongoing commitment. To ensure our defenses constantly evolve alongside emerging threats, Magnolia DXP undergoes rigorous independent audits to achieve re-certification for both SOC 2 Type 2 and ISO 27001 every single year.

Independently verified by A-LIGN

We didn't just grade our own homework. Our SOC 2 Type 2 audit was conducted by A-LIGN, a premier, technology-enabled compliance assessor. A-LIGN is trusted by more than 2,500 global organizations to evaluate and mitigate cybersecurity risks, adding a vital layer of independent validation to our security practices.

Why SOC 2 Type 2 certification matters for your business

Achieving this certification is a validation of the hard work put in by our security team and everyone across the Magnolia DXP organization. Security is at the heart of everything we build.

For our customers, this certification means peace of mind. It means reduced vendor risk, streamlined compliance reporting for your own internal audits, and the assurance that your digital presence is built on a rock-solid foundation.

Magnolia DXP offers a comprehensive suite of security features designed to support enterprise-grade compliance. Want to dive deeper into how we keep your data safe? 

Explore our complete security approach and features on our Security Page.

Additionally, head to our Trust Center to view our latest SOC 2 Type 2 report and explore our other industry-standard security certifications.

About the authors

Jan Haderka

Chief Information and Security Officer (CISO), Magnolia

Jan has been developing software since 1995. Since 2000, he has focused on content and knowledge management, having played a key role in Magnolia’s growth. After joining Magnolia as a developer in 2007, he became Head of Support, ran Magnolia’s Czech office, and took on the role of CIO and CTO. Since 2022, Jan has served as Magnolia’s CISO.

Talal Waseem

Information Security Officer, Magnolia

Talal Waseem is the Information Security Officer at Magnolia, actively engaged in enhancing the organization's security posture and compliance. 

Information Security Management: Driving security initiatives and compliance to protect organizational assets.

Risk Assessment & Threat Modeling: Proactively identifying vulnerabilities and evaluating the threat landscape.

Cryptography: Extensive academic and practical knowledge, including thesis research on Post Quantum tunneling protocols.