System and Organization Controls (SOC)
  • 2 Minutes to read
  • Dark
    Light

System and Organization Controls (SOC)

  • Dark
    Light

Article Summary

The Dataddo System and Organization Controls (SOC) reports are generated by independent third-party auditors. They provide detailed information on how Dataddo aligns with key compliance controls and objectives. Our SOC 2 Security Type II certification demonstrates our commitment to data security, availability, confidentiality, and more.

The SOC 2 Security Type II report provides valuable information about the controls Dataddo has implemented to support these objectives.

What is SOC 2?

SOC 2 is an audit process ensuring service providers handle data with utmost security to safeguard organizational interests and client privacy. Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five Trust Service Principles:

  • Security: The system is protected against unauthorized access, both physical and logical.
  • Availability: The system is available for operation and use as committed or agreed.
  • Processing integrity: System processing is complete, accurate, timely, and authorized.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with the criteria set forth in Generally Accepted Privacy Principles.

SOC 2 reports come in two formats:

  • Type I: Measures policies and procedures that are in place at a specific moment in time.
  • Type II: Measures the effectiveness of policies and procedures as operated over a specified time period, with a minimum of six months.

What is the Dataddo SOC 2 Type II report?

The Dataddo SOC 2 Type II report is the result of an independent audit conducted by a third-party auditor that examines the effectiveness of Dataddo's security controls over a specified period of time, with a minimum of six months.

The report describes Dataddo’s security controls for Dataddo platform, and examines the suitability and effectiveness of those controls to meet the AICPA Trust Service Principles. It provides an independent assessment of how well Dataddo Cloud manages data with respect to security, availability, and confidentiality.

Data Privacy Standards Complied by Dataddo for SOC 2 Type II Certification

As an SOC 2 Type II certified organization, Dataddo is committed to complying with:

FAQ

Which Dataddo services are in the scope for the SOC 2 Type II report?

The scope of the SOC 2 Type II report includes all services provided by Dataddo.

Who performs the independent 3rd-party audit of Dataddo for SOC reports?

BDO Czech Republic performs the Dataddo SOC 2 audits.

How frequent is the Dataddo SOC 2 Audit and what is the Reporting Period?

The Dataddo SOC 2 Type II report covers the period from June 1, 2022 to February 28, 2023. New reports are released annually.

Is an NDA required to receive Dataddo SOC reports?

Yes, an NDA is required to review the Dataddo SOC 2 Type II report. Please contact us to begin the process.

Disclaimer

The information presented on this page is provided for informational purposes only, and Dataddo does not intend for the information or recommendations presented here to be construed as legal advice. Each customer is responsible for independently evaluating their own use of Dataddo's services to ensure compliance with their legal and regulatory obligations.


Was this article helpful?