Menlo Security offers a scalable and safe enterprise browsing experience through the Menlo Secure Cloud Browser, securing over 400 billion sessions annually worldwide. Menlo keeps users safe by blocking threats directly on their devices, using the local browser as part of a multi-layered security system, and providing secure access to applications for remote and hybrid workers. 

Since Menlo goes beyond traditional browser isolation to protect against threats, they strive to lead the industry with a top-notch security program. Menlo Security chose A-LIGN as their audit partner to accomplish SOC 2, ISO/IEC 27001, ISO 27017, and ISO 27018 compliance. 

The challenge: Providing third-party assurance to users with a growing compliance program 

Menlo’s offerings are built on three pillars—Manage, Protect, and Secure. These pillars not only lie at the forefront of Menlo’s product but also reflect the company’s goals for their customers, including organizations in the federal government, financial services, and public sectors. 

Clients rely on Menlo to ensure their data is safe while browsing. Providing third-party assurance while completing multiple security assessments as efficiently as possible is a top priority for the Menlo team. 

The company also embraces building a culture of security within their organization. With an elite internal security awareness initiative promoting security and compliance training, newsletters, phishing campaigns, and more. Menlo is deeply committed to fostering security within the company. 

Menlo Security aims to continuously improve their key security pillars and facilitate expansion into new markets and territories. To achieve this, Menlo sought an audit partner who understood their mission to uphold the highest standards through various cybersecurity audits, thereby demonstrating trust to customers, partners, and employees. 

The solution: Consolidating audit efforts with a trusted audit provider 

Menlo Security turned to A-LIGN to achieve its assessment goals as its compliance program continued to grow. 

Menlo has been ISO 27001-certified since 2018, with gap assessments and interim assessments. The company successfully transitioned from ISO 27001:2013 to ISO 27001:2022 and completed a full 12-month SOC 2 Report for the first time in 2024. 

Combining efforts delivered significant and timely results—by conducting their ISO 27001 and SOC 2 engagements simultaneously, Menlo saved 60% of the time they would have spent gathering evidence. 

With careful planning and efficient execution, the A-LIGN team was able to fulfill Menlo’s assessment goals while freeing up time and resources for its team. 

Menlo also appreciated the audit team’s attention to detail in the final report, as well as their responsiveness when questions were raised during the audit process. A-LIGN was able to quickly resolve any queries, putting the Menlo team at ease and consistently resulting in positive communication. 

Looking forward

Menlo Security is expanding into new sectors and locations, exploring additional compliance frameworks, and combining assessments to save time, resources, and budget. In 2025, they aim to mature their processes further, ensuring compliance with all managed frameworks and strengthening user trust.

About Menlo Security

Menlo Security protects organizations from cyber threats that attack web browsers. Menlo Security’s patented Cloud-Browser Security Platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. The company is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JPMorgan Chase. Menlo Security is headquartered in Mountain View, California. For more information, please visit www.menlosecurity.com.