After an independent auditor analyzed Ethyca’s security controls over the course of 12 months, Ethyca achieved SOC 2 Type II compliance for the second year in a row.
Ethyca completed its second SOC 2 Type II audit with the highest marks. This most recent audit lasted one year, from November 2021 to October 2022. The design and performance of roughly 70 security controls were examined throughout the year, and we achieved an unqualified result with no exceptions.
We are thrilled to announce this great news to everyone. We’d also like to explain what this means for you and how it will influence Ethyca moving forward.
Let’s quickly describe what’s so important about finishing this audit in the first place.
A SOC 2 Type II audit is an independent review of a company’s security practices. SOC stands for “System and Organization Controls.” The audit we completed is categorized as a SOC 2 Type II audit. A Type II audit examines how controls operate over a period of months, whereas a Type I audit evaluates a business’s security practices at a single point in time. For a software company like Ethyca, achieving SOC 2 Type II compliance is one of the most relevant and respected security accomplishments in the industry.
As described in the fifth principle of Privacy by Design, end-to-end security is an essential component of protecting user data. Passing the SOC 2 Type II audit affirms that Ethyca has been engaging in industry-standard privacy and security best practices.
Our first audit lasted from June to October 2021 and we have since maintained our security practices from last year. This year’s independent audit examined the design and operating effectiveness of roughly 70 security controls at Ethyca. We achieved an unqualified opinion with zero exceptions, which is the best result for this type of audit.
As a company that believes in the importance of data privacy, it’s imperative that we are evaluated against high standards as well. Retaining our SOC 2 Type II accreditation for a second year demonstrates Ethyca’s commitment to security and privacy for our customers. You don’t just have to take our word for it – you’ll have an official independent auditor’s approval.
Ethyca will continue our commitment to building secure and reliable systems that protect user data. Companies worldwide depend on Ethyca to treat end-users’ data respectfully as a basic human right. This accreditation reflects and affirms our dedication to protecting personal data, with regard to not only privacy regulations but also rigorous security standards.
We are proud to have upheld these data privacy and security principles for the past two years and will strive to continue doing so in the future.