As Lumi gains major security accreditation SOC2, we sat down with our CTO, Marc Harper to discuss what this means for the business and our customers, as well as the broader imperative for prioritizing security at the AGM.

In your own words, what is the SOC2 accreditation?

System and organisations controls, or SOC2, is an accreditation that focuses on the trusted service criteria of security, availability, processing integrity, confidentiality, and privacy, and validates that Lumi manages the data and security of their customers to the highest of standards. It is a notable security certification that gives Lumi significant differentiation in the market.

The audit to achieve the accreditation can only be performed by an independent CPA (Certified Public Accountant) or accountancy organisation. SOC2 auditors are regulated by and must adhere to specific professional standards established by the AICPA, giving this accreditation great credence in the market.

Maintaining the highest level of security has always been a priority to Lumi. SOC2 is a recognition of this - the icing on the cake to our security and offering validation that our virtual, hybrid, and in-person meetings are watertight.

Why does SOC2 matter and what does it mean for your customers in different markets?

SOC2 demonstrates to Lumi’s stakeholders that we maintain a high level of information security and are committed to handling sensitive information responsibly. The security of company meetings and conferences is paramount, and this certificate proves Lumi implements the necessary controls to ensure all data remains safe and secure, minimising the chances of a security breach.

As an internationally recognised accreditation, SOC2 will also bolster Lumi’s presence in other markets beyond the UK, especially the Middle East, the US, and Australia where the certificate has particular credence.

What does Lumi have in place to keep meetings secure?

We have several layers of security that keep all our meetings secure. Before an online or hybrid meeting, all shareholders will receive a unique access code to join the meeting. We also have strong controls in place including DDoS (Distributed Denial of Service) mitigation, that scans and blocks internet traffic attempting to disrupt our meeting. This is combined with industry best-practice encryption techniques, providing an extra layer against unauthorised access.

Our platform is regularly penetration tested using independent, accredited third-party experts, ensuring we are prepared for any potential threat. The penetration tests complement the automated scans from the market-leading vulnerability management platform we use, ensuring the complete security of our website and other online systems. At the same time, all our products are developed according to OWASP principles by our highly skilled and trained in-house developers.

How has Lumi’s security processes evolved since the end of the pandemic?

Over the last year, we’ve seen a return to in-person and hybrid meetings, although online meetings continue to dominate. We have rigorous security protocols and procedures in place for all formats and work with third parties to ensure that in-person meetings are just as secure as virtual ones.

In a world of evolving attacks, we’re always looking for new ways to make our processes more robust. What matters most is that businesses are providing investors with access to the AGM and an opportunity to have their voices heard. We're set up to facilitate this safely and securely, regardless of location.

What are the biggest security risks in the AGMs space right now and how can they be tackled?

The threat of hacktivist or activist disruption is one of our customers' biggest concerns. However, we tend to only see a high level of activist disruption in-room, with online and hybrid meetings being a safer, more secure, and engaging option for businesses and shareholders. The online Lumi platform is prepared for worst-case scenarios, and in the extremely unlikely event that a disruption occurs, we have strict crisis management strategies in place to deal with it. Thankfully, we have never needed to use this other than in our disaster recovery testing exercises.

Any final comments?

The AGM is the most important meeting of the year for businesses, so it’s understandable for organizers to be worried about potential threats. However, gaining the SOC2 accreditation is just one way we’re bolstering our security credentials so we can continue facilitating safe and engaging AGMs worldwide.

Lumi is the leading digital platform facilitating in-room, hybrid and virtual AGMs for the world’s largest corporations and membership organizations. It is the only platform that digitizes the entire lifecycle of an AGM in a single solution that enables sophisticated meeting facilitation before, during and after the live meeting.