Datamaran Achieves SOC 2 Type II Compliance and Certification
As part of our ongoing commitment to best practices in information security and customer data privacy, we are pleased to announce that we have successfully achieved SOC 2 Type II compliance and certification. Ensuring we have robust controls in place to handle data with the utmost care and responsibility is crucial, as is the ability to assure our customers of that through the SOC 2 Type II audit report.
What SOC 2 Type II compliance means
The American Institute of Certified Public Accountants (AICPA) developed the System and Organization Controls frameworks that are better known as SOC 1, 2 and 3. These frameworks are designed to evaluate a service provider’s internal controls and systems as they relate to information security through an independent audit program that results in a third-party report.
SOC 2 Type II specifically examines systems and controls related to five areas of data management: security, availability, processing integrity, confidentiality, and privacy. Whereas a Type I audit looks at the suitability of controls and the effectiveness of systems at a specific point in time, a Type II audit looks in detail over a period of months at the operational effectiveness of those controls and systems. A SOC Type II report therefore provides one of the best methods of demonstrating to customers that you have effective end-to-end controls in place to safeguard their data. In the case of Datamaran, our audit performed by Sensiba LLP had no noted exceptions and was issued with a “clean” audit opinion from Sensiba, meaning we met all the necessary relevant criteria and passed with flying colors.
Why security matters more than ever
All businesses need to protect themselves and their customers from the ever-increasing threat of cyberattacks. In the 2023 financial filings from nearly 5,500 companies globally, ‘Cybersecurity & information security’ was the third most emphasized ESG+ issue, indicating its vital importance to corporate strategies and risk management practices.
This aligns with recent regulatory trends. According to Datamaran’s ESG+ regulatory database, there were 111% more ‘Cybersecurity & information security’ regulatory developments over the past five years than the five years prior, with the majority being mandatory for companies. While protecting businesses’ vital assets is certainly a component, ensuring the protection of customer data sits at the heart of many of these developments. ‘Data privacy management’ has witnessed a 175% increase in regulatory activity over the past five years compared with the five years prior, mostly driven by European and US regulators.
As these threats - and their repercussions - continue to grow in scale and scope, it’s safe to expect even more focus from companies and regulators on tightening protections.
Our ongoing commitment to data security
Achieving SOC 2 Type II certification is a major milestone for Datamaran and the culmination of a lot of hard work by our team to enable us to meet the necessary standards. I am very grateful for, and proud of, everyone’s efforts to get us to this point. But these efforts are ongoing and continuous and we can’t be complacent.
We are committed to maintaining the standards we’ve implemented, following best practices and ensuring our systems and controls keep us ahead of the compliance requirements (SOC 2, GDPR, UK privacy laws, etc.) and the security risks. One way we’re doing this is by using the security and compliance automation platform Drata to help us manage and monitor our controls. At Datamaran, we want to give all our customers and partners continued assurance over the security of our platform and their data and lead from the front in terms of best practices. You can visit our Trust page to find out more about our security posture and certifications, and to request access to our policies.
Visit our Product page to find out more about Datamaran’s AI-powered Smart ESG platform.