Navan Successfully Completes SOC 1®, SOC 2®, ISO 27001 and PCI Audits

PALO ALTO, February 9, 2023 — Navan, the all-in-one super app that makes travel and expense easy, today announced its completion of several third-party system reviews including Service Organization Controls (SOC) 1 Type II, Service Organization Controls (SOC) 2 Type II, ISO 27001 and Payment Card Industry Data Security Standard (PCI DSS) for its travel booking and expense solutions.

As a travel provider with thousands of global customers, Navan prioritizes data privacy and security. These third-party certifications help give Navan's customers and vendor partners peace of mind that their company and employee data are kept secure using industry best practices.

"This is a significant milestone in our journey towards building and maintaining customer trust," said Prabhath Karanth, Head of Security and Trust at Navan. "The completion of these certifications confirms our commitment to handling customer financial information safely and securely, and demonstrates our adherence to internal controls to meet customers' financial reporting needs.”

SOC 1 Type II audit provides a comprehensive review of the business processes and IT controls of Navan and Navan Expense — the company’s fintech spend solution — validating the accuracy of data processing and storage. Having also completed PCI DSS compliance, Navan received PCI AOC (Attestation of Compliance) reports both as a merchant and service provider.

SOC 2 is an auditing procedure that ensures service providers manage data to protect the interests of an organization and its clients’ security and privacy. Developed by The American Institute of CPAs (AICPA), SOC 2 is defined by five “trust service principles” for managing customers’ data: security, availability, processing integrity, confidentiality, and privacy. Focused on implementing well-defined policies, procedures, and practices, SOC 2 establishes trust in the secure nature and operation of an organization’s cloud infrastructure.

ISO 27001 certification is an essential international standard for information security management. By obtaining this certification, Navan has shown the robustness of its security posture to prospects and customers in global markets, while indicating Navan's commitment to personal data. By adhering to the stringent standards set forth by ISO 27001, Navan has positioned itself as a trustworthy partner for businesses seeking reliable and secure solutions for their information management needs.

Navan also renewed its PCI DSS certification for 2023, confirming its adherence to the security standards set by the Payment Card Industry Security Standards Council for the secure handling of credit card information. PCI DSS is administered by the Payment Card Industry Security Standards Council. The certificate gives reasonable assurance that companies that accept, process, store or transmit credit card information maintain a secure environment, reducing the risk of unauthorized access to customer data.

About Navan

Navan is the all-in-one solution that makes travel easy so you can focus on being there, not getting there. Say goodbye to spending hours on the phone trying to change your flight or saving stacks of receipts to manually input expenses. From EAs and finance teams to travel managers and employees, Navan empowers people to focus on the things that matter most to them—all while providing companies with real-time visibility, savings, and control. Learn more at navan.com