After an independent auditor analyzed Ethyca’s security controls over the course of 12 months, Ethyca achieved SOC 2 Type II compliance for the second year in a row.
Ethyca completed its second SOC 2 Type II audit with the highest marks. This most recent audit lasted one year, from November 2021 to October 2022. The design and performance of roughly 70 security controls were examined throughout the year, and we achieved an unqualified result with no exceptions.
We are thrilled to announce this great news to everyone. We’d also like to explain what this means for you and how it will influence Ethyca moving forward.
Let’s quickly describe what’s so important about finishing this audit in the first place.
A SOC 2 Type II audit is an independent review of a company’s security practices. SOC stands for “System and Organization Controls.” The audit we completed is categorized as a SOC 2 Type II audit. A Type II audit takes months to complete, whereas a Type I audit evaluates a business’ security practice at a single point in time. For a software company like Ethyca, achieving SOC 2 Type II compliance is one of the most relevant and respected security accomplishments in the industry.
As described in the fifth principle of Privacy by Design, end-to-end security is an essential component of protecting user data. Passing the SOC 2 Type II audit affirms that Ethyca has been engaging in industry-standard privacy and security best practices.
Our first audit lasted from June to October 2021 and we have since maintained our security practices from last year. This year’s independent audit examined the design and operating effectiveness of roughly 70 security controls at Ethyca. We achieved an unqualified opinion with zero exceptions, which is the best result for this type of audit.
As a company that believes in the importance of data privacy, it’s imperative that we are evaluated by high standards as well. Retaining our SOC 2 Type II accreditation for a second year demonstrates Ethyca’s commitment toward security and privacy for our customers. You don’t just have to take our word for it – you’ll have an official independent auditor’s approval.
Ethyca will continue our commitment to building secure and reliable systems that protect user data. Companies worldwide depend on Ethyca to treat end-users’ data respectfully as a basic human right. This accreditation reflects and affirms our dedication to protecting personal data, with regard to not only privacy regulations but also rigorous security standards.
We are proud to uphold these data privacy and security principles for the past two years and will strive to continue doing so in the future.
Today we’re announcing faster and more powerful Data Privacy and AI Governance support
See new feature releases enhancing user experience, adding new integrations and support for IAB GPP
Learn more about the privacy and data governance enhancements in Fides 2.27 here.
Read Ethyca’s CEO Cillian Kieran describe why and how an open data governance ontology enables companies to comply with data privacy regulations and frameworks.
Ethyca sponsored the Unpacking Privacy Engineering for Lawyers webinar for the Interactive Advertising Bureau (IAB) on December 14, 2023. Our CEO Cillian Kieran moderated the event and ran a practical discussion about how lawyers and engineers can work together to solve the technical challenges of privacy compliance. Read a summary of the webinar here.
Ethyca’s CEO Cillian Kieran hosted a LinkedIn Live about the newly agreed upon EU AI Act. Read a summary of his talk and find a link to his slides on what governance, data, and engineering teams need to do to comply with the AI Act’s technical risk assessment and data governance requirements.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Request a Demo