Paving the Path: Pooled Audits with Okta Security

Tushar Badlani and Lydia Le

Okta has completed another pooled audit, leading the industry by transforming traditional one-to-one assessments into a collaborative, industry-first approach. This new model not only streamlines the audit experience but delivers impact: 90% of participating customers reported significantly greater confidence in demonstrating compliance. This new, collaborative model builds on the foundation we've detailed in our previous posts of the Customer Trust series, which cover our team's mission, mandate, and more.

Expanding our Program

Routine, individual audits have remained crucial for building customer confidence and fostering strong relationships. In order to address the inherent time and resource demands of the traditional one-on-one model, we've introduced an innovative pooled audit program designed to work alongside it.

Our Customer Audit program directly reflects the Love our Customers core value and is a testament to our long-term commitment to lead the industry in the fight against identity-based attacks.

To support our global customers, we’ve launched region-specific regulatory support, starting with the Digital Operational Resilience Act (DORA) in the European Union and United Kingdom and, more recently, the Australian Prudential Regulation Authority (APRA) in Australia. As regulatory expectations around cloud service providers continue to evolve, these collaborative audit sessions are helping us proactively meet customer needs while setting a new standard for partnership and trust at scale.

Program Benefits

Okta is leading the charge in elevating confidence and clarity across the evolving regulatory landscape. Our program establishes a new industry benchmark, paving a fundamental shift in the collaborative dynamics between critical technology vendors and customers. We bring multiple industry-specific customers into Okta offices for multi-day, hands-on sessions to collectively assess our controls against specific cybersecurity regulations.

In our most recent pooled audit, we thoroughly covered Australian Prudential Regulation Authority (APRA) expectations with our Financial Services Industry (FSI) customers in the region. The nine key domains covered were:

  1. BCP and Operational Resilience
  2. Datacenter Security
  3. Third Party Risk Management
  4. Enterprise Risk Management
  5. Physical Security and Identity Access
  6. Change Control and Configuration
  7. Cryptography
  8. Vulnerability Management
  9. Security Incident Management

The result wasn't just a compliance checkmark — based on the feedback captured, 90% of participating customers left with significantly higher confidence in their ability to demonstrate their organization’s compliance with the APRA regulation. Since launch, we’ve realized the following program benefits:

Fostering Trust

This one-to-many model removes the heavy resource strain of repetitive one-to-one audits. Our customers are at the heart of everything we do, and it is important to highlight how Okta builds trust by demonstrating our robust security. As Okta continues to grow and is now considered a critical outsource provider, this pooled audit model is helping more customers meet their regulatory obligations.

Deeper collaboration and shared insights

Our program introduces a change from the standard private audit model by introducing opportunities to engage with industry peers and share learnings. Okta’s in-person audit setting helps support the fostering of new connections and strengthening existing relationships, enabling a forum to share best practices and gain invaluable insights from both Okta and pooled audit participants.

Proactivity versus reactivity

While these new regulations don't directly impact Okta, we take a proactive approach by engaging our customers directly when new regulations emerge. By helping them understand how Okta's security controls apply and effectively address new requirements, we can support them in their compliance adherence efforts.

Measuring What Matters

Measuring the success of pooled audit programs not only gives our security team and leadership insight into what is driving concerns for customers, but also how we can improve future sessions.

Most recently, 90% of APRA pooled audit participants reported high program effectiveness, and 94% reported increased confidence in Okta as a security partner. Our program’s mandate is to build lasting trust and strengthen partnerships. Here’s what our customers are saying about us:

  • “I like the concept of the pooled audit. It was good to have the Okta team outline the control environment to help us to complete our obligation requirements. It was good to connect with other customers that are in similar positions.” - Senior Manager at a global financial services company

  • “The information sharing was open and questions were answered well and comprehensively.” - Technology Risk Manager at a globally recognized financial services company

  • “Okta/Auth0 is a key service provider for our business services. It was good to understand the security controls and evidence shown in the pooled audit which demonstrates the security posture and maturity across Okta/Auth0.” - Head of Security Strategy and Architecture at a global retail payment company

  • “The openness of Okta in sharing information has supported our compliance journey. The session allowed us to get better insights and comfort around how a key partner is ensuring the security and continuity of services to its customers. Opening discussion and being able to gain clarification directly from senior leaders.” - Senior Operational Risk Manager at a global retail payment company

  • “The face-to-face engagement was excellent, and Okta's collaborative approach was a significant benefit. We feel it's truly important to foster this trusted relationship and to continue growing more secure together.” - EU Customer

Our Future Vision

We’re focused on continuing to expand our Customer Audit program across new industries and regions, opening the program benefits to additional customers outside of Financial Services. We believe a world-leading SaaS identity service can support those customers' success, and we’re committed to supporting them through the evolving and complex regulatory landscape they face.

This journey toward scalable assurance is bigger than Okta. We’re calling on our peers in the security SaaS community to join in on these efforts. Are you exploring pooled audits or similar collaborative models? Reach out at customeraudit@okta.com to collaborate on audit-based insights and accelerate the industry's progress for all customers.

By openly sharing our collective expertise and challenges, we can create a more trusted, secure ecosystem for everyone. We welcome your feedback and partnership as we build this new standard, together.

Tushar Badlani
Global Customer Audit Manager

Tushar Badlani is the Global Customer Audit Manager within the Security Trust and Culture team at Okta. He leads Okta’s global customer audit program, ensuring consistent, risk-aligned assurance engagements across all regions. He brings extensive experience in customer assurance, compliance, and cross-functional collaboration, shaped by his consulting background at EY and work across industries and in professional services. Originally from India, he earned his master’s degree from Syracuse University and is now based in San Francisco. Outside of work, he enjoys hiking, backpacking, and travelling to explore new places and cultures; he’s now been to 27 countries and 45 US States.

Lydia Le
Associate Analyst

Lydia Le is an Associate Analyst at Okta, providing assurance support to the Security Customer Trust team. Her commitment to continuous learning and keen attention to detail support Okta’s mission of securing digital identities and strengthening customer trust. Outside of work, Lydia enjoys reading, traveling, and exploring new cuisines, always eager to broaden her horizons and learn differing perspectives.