PLATFORM » Data SECURITY » SOC 2
Dataddo SOC 2 Report
Dataddo System and Organization Controls (SOC) reports are the outcome of rigorous third-party audits that evaluate how Dataddo satisfies significant compliance controls and objectives. Our SOC 2 Security Type II report can help you and your auditors understand the Dataddo controls implemented to ensure data security, availability, confidentiality, privacy, and other important factors.
What is SOC 2?
SOC 2 (System and Organization Controls 2) is an auditing procedure designed to ensure that service providers securely manage client data. The SOC 2 audit is conducted annually by an independent, third-party auditor and is based on the Trust Services Criteria (TSC), which are a set of standards developed by the American Institute of Certified Public Accountants (AICPA).
Security: The system is protected against unauthorized access (both physical and logical).
Availability: The system is available for operation and use as committed or agreed.
Processing Integrity: System processing is complete, accurate, timely, and authorized.
Confidentiality: Information that is designated 'confidential' is protected as committed or agreed.
Privacy: Personal information is collected, used, retained, disclosed, and disposed of in accordance with the organization's privacy notice, as well as criteria set forth in the AICPA's Generally Accepted Privacy Principles (GAPP).
SOC 2 Type I: This report evaluates the design of a service organization's controls at a specific point in time. It provides a snapshot of the organization's controls and the extent to which they are designed to meet the Trust Services Criteria (TSC) at the date of the audit.
SOC 2 Type II: This report evaluates the operating effectiveness of a service organization's controls over a period of time (typically six to twelve months). It provides a comprehensive view of the organization's controls and the extent to which they are operating effectively to meet the TSC.
Frequently Asked Questions
What is the Dataddo SOC 2 report?
Which Dataddo services are covered by the SOC 2 Type II report?
What regions are covered by the Dataddo SOC 2 Type II report?
Who performs the independent third-party audit of Dataddo for SOC reports?
How often are Dataddo SOC 2 audits performed?
Is an NDA required to receive Dataddo SOC reports?