System and Organization Controls (SOC)
Dataddo System and Organization Controls (SOC) reports are the result of independent third-party audits that examine how Dataddo achieves key compliance controls and objectives. Dataddo has a SOC 2 Security Type II certification, and as a result the SOC 2 Security Type II report will help you and your auditors understand the Dataddo controls established to support data security, availability, confidentiality, privacy, and more.
What is SOC 2
SOC 2 is an auditing procedure designed to ensure that service providers securely manage data to protect the interests of your organization and the privacy of its clients. Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “Trust Service Principles”.
- Security: the system is protected against unauthorized access, both physical and logical
- Availability: the system is available for operation and use as committed or agreed
- Processing integrity: system processing is complete, accurate, timely, and authorized
- Confidentiality: information designated as confidential is protected as committed or agreed
- Privacy: personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with the criteria set forth in Generally Accepted Privacy Principles
A SOC 2 report comes in two formats:
- Type I: measures policies and procedures that are in place at a specific moment in time
- Type II: measures the effectiveness of policies and procedures as operated over a specified time period, with a minimum of six months
What is the Dataddo SOC 2 Type II report?
Dataddo has a SOC 2 Type II report for the Dataddo platform. The report describes Dataddo’s security controls for the Dataddo platform and examines the suitability and effectiveness of those controls to meet the AICPA Trust Service Principles. It provides an independent assessment of how well Dataddo Cloud manages data with respect to security, availability, and confidentiality.
What data privacy standards does Dataddo have to be compliant with to be SOC 2 Type II certified?
- GDPR
- ISO/IEC 27001
- Health Insurance Portability and Accountability Act (HIPAA)
- California Consumer Privacy Act (CCPA)
- General Data Protection Law (LGPD)
- Protection of Personal Information Act (POPI Act)
Which Dataddo services are in the scope for the SOC 2 Type II report?
The scope of the SOC 2 Type II report includes all services provided by Dataddo.
Who performs the independent 3rd-party audit of Dataddo for SOC reports?
BDO Czech Republic performs the Dataddo SOC 2 audits.
What was the testing period for the most recent report and how often are Dataddo SOC 2 audits performed?
The Dataddo SOC 2 Type II report covers the period from June 1, 2021 to February 28, 2022. New reports are released annually.
Is an NDA required to receive Dataddo SOC reports?
Yes, an NDA is required to review the Dataddo SOC 2 Type II report. Please contact us to begin the process.
This page is for informational purposes only, and Dataddo does not intend the information or recommendations presented here to constitute legal advice. Each customer is responsible for independently evaluating its own particular use of Dataddo's services as appropriate to support its legal and compliance obligations.