Trust doesn’t come from a badge or a checkbox, it comes from the work done every day behind the scenes. At Cambium Networks, our customers rely on cnMaestro to manage mission-critical wireless networks with confidence, visibility, and control. That responsibility demands more than innovation; it demands rigor.
That’s why we’re proud to share that cnMaestro has remained SOC 2 Type II compliant continuously since 2023, successfully sustaining compliance through 2024 and into 2025. This milestone reflects not a point-in-time achievement, but a long-term commitment to security, reliability, and operational excellence.
Achieving and sustaining SOC 2 Type II compliance was never the responsibility of a single team, nor was it a compliance exercise. It required close collaboration across cnMaestro Engineering, IT, HR, Finance, and Legal, working together across multiple enterprise business processes. Engineering ownership was foundational with security, reliability, and operational control infused directly into the cnMaestro platform and development practices. Equally important were employee lifecycle management, vendor oversight, and contractual governance;thus SOC 2 Type II demanded a coordinated, organization-wide effort.
The Work Behind Achieving SOC 2 Type II
SOC 2 Type II is not a one-time exercise or a documentation only effort. It is a rigorous, independent assessment established by the American Institute of Certified Public Accountants (AICPA) that evaluates how an organization designs and operates its controls over time.
While SOC 2 Type I validates that controls are properly designed at a specific point in time, SOC 2 Type II requires sustained, real-world execution, typically over a six- to twelve-month audit period. Controls must be followed consistently, monitored continuously, and improved as systems, teams, and customer needs evolve.
For the cnMaestro development and SecOps teams, achieving SOC 2 Type II in 2023 meant embedding security and operational discipline into everyday workflows, automating these controls, and not preparing for an audit window, but fundamentally changing how we operate. This includes secure coding practices, security checks integrated into CI/CD pipelines, peer code reviews, ethical hacking, automated testing, shift-left mentality in both security and quality, and doubling down on cloud-native and infrastructure-as-code best practices.
Just as importantly, this effort extended well beyond the cnMaestro platform itself. IT, HR, Finance, and Legal teams worked alongside engineering and operations to ensure that enterprise business processes aligned with SOC 2 requirements. This included access provisioning and deprovisioning, employee onboarding and offboarding, vendor and contract management, financial controls, incident response coordination, and policy governance.
SOC 2 Type II evaluates controls across five Trust Service Criteria:
- Security – Protection against unauthorized access
- Availability – System reliability and resilience
- Processing Integrity – Systems operating as intended
- Confidentiality – Protection of sensitive information
- Privacy – Responsible handling of personal data
Meeting these criteria required consistent execution, evidence-based validation, and a culture of accountability across teams, day in and day out.
What This Means for cnMaestro Customers
For customers using cnMaestro, multi-year SOC 2 Type II compliance delivers meaningful, real-world benefits:
- Confidence that security and availability controls are continuously enforced
- Reduced friction during vendor risk assessments and compliance reviews
- Operational reliability supported by disciplined change and incident management
- Enterprise readiness for regulated industries and service providers
Whether you manage a small deployment or a globally distributed wireless network, cnMaestro is designed and operated to meet the expectations of organizations that take security seriously.
Sustaining Compliance Over Multiple Years Requires Even More Discipline
Achieving SOC 2 Type II compliance in 2023 was a significant milestone. Sustaining it through 2024 and 2025 required even greater discipline.
As cnMaestro evolved, with new features, scale, and customer demands, our teams had to continuously demonstrate that controls were operating effectively in real-world conditions. This meant treating security and compliance not as an annual audit exercise, but as part of how Cambium Networks runs its business.
Key elements of this sustained approach includes:
Security by Design
- Strong identity and access management
- Least-privilege access across systems
- Secure cloud-native configuration standards enforced by code across environments
Operational Rigor
- Formal change-management processes
- Clear isolation between development, testing, and production
- Documented and automated approvals, testing, and rollback procedures
Continuous Monitoring and Response
- Centralized logging and alerting
- Proactive, synthetic monitoring for security and availability issues
- Timely investigation and remediation of events
People, Process, and Accountability
- Role-based access aligned with job responsibilities
- Mandatory security awareness training
- Consistent onboarding and offboarding controls
Continuously Evolving
- Security practices adapting to evolving threat landscape
- Ongoing investments in automation, training and tooling
- Responsibly adopting new technologies to improve availability and security
Independent Validation
- Ongoing evidence collection throughout each audit period
- Testing by an independent third-party auditor
- Proof that controls work in practice and not just on paper
This was a true cross-functional effort, requiring sustained coordination across cnMaestro engineering, IT operations, HR, Finance, and Legal teams. Each group played a critical role in demonstrating that security and compliance are embedded across the enterprise and not siloed within a single function.
It wasn’t glamorous work, and it wasn’t confined to a single audit cycle, but it was essential.
Security Is a Long-Term Commitment
SOC 2 Type II certification is not a destination, it’s a baseline. Remaining compliant from 2023 through 2025 reflects how Cambium Networks approaches trust, through repeatable processes, consistent execution, and continuous improvement.
As cnMaestro continues to evolve, our commitment to security and operational excellence will evolve with it, that is guided by best practices, independent validation, and the needs of our customers.
Learn More About cnMaestro
cnMaestro offers a cloud-based, single-pane-of-glass approach to managing Cambium Networks’ wireless infrastructure, providing centralized visibility, control, and scalability across devices and sites.
To learn more, explore:
