After a detailed third-party security audit, Ethyca’s enterprise data privacy platform achieves gold-standard security accreditation.
We are pleased to announce the successful completion of a third-party SOC 2 Type II audit on Ethyca’s enterprise privacy platform. The achievement is the result of our shared commitment to building secure and reliable systems.
Independent reviewers spent months assessing the integrity of our information systems, and we are proud to share that they found zero instances of noncompliance. Companies worldwide depend on Ethyca to treat end-users’ data with the respect they deserve. This accreditation reflects and affirms our dedication to protecting personal data, with regard to not only privacy regulations but also rigorous security standards.
SOC stands for “System and Organization Controls.” The recent audit is classified as SOC 2 to distinguish it from two related but distinct evaluations of an organization’s security practices. Whereas a SOC 2 Type I audit reviews practices at a single point in time, a SOC 2 Type II audit takes place over the course of months. For a software company like Ethyca, SOC 2 Type II compliance is one of the most relevant and respected security achievements in the industry.
Privacy and security are not the same, but they are tightly connected. In fact, strong security is a prerequisite for strong privacy. Privacy is about managing authorized access to information, and security is about protecting against unauthorized access. If a system fails to keep unauthorized agents out, the compromised security undermines any privacy management. (We’ve written more about this distinction here.)
As our platform users know, companies’ personal data stays on their infrastructure when they use Ethyca’s platform to manage users’ consent and rights fulfillment. We recognize our key role in supporting these companies as they implement their end-users’ legal privacy rights. Our customers and their end-users deserve a sturdy foundation for their privacy experience, and Ethyca’s independent security accreditation is a testament to that foundation.
A SOC 2 Type II audit does not happen overnight. An independent, third-party firm carried out the SOC 2 audit over the course of many months. Per the Association of International Certified Professional Accountants, the audit encompassed:
“Detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.”
Among many factors, the audit assessed processes for managing customer data, information security policies, and the extent to which company practices aligned with those policies.
Privacy and security run parallel in numerous ways. For instance, our initiative to bring privacy into the Software Development Life Cycle follows a similar leftward shift that’s occurred in AppSec. Privacy and security are both continuous endeavors. SOC 2 Type II compliance is one important milestone in an ongoing practice of prioritizing security in how we work and how we build software.
Steadfast in our commitment to building trustworthy technology and helping other teams do the same, we continue to prioritize security in our projects like the Fides developer tools. In delivering best-in-class security, we are equipped to provide best-in-class privacy solutions.
Ethyca’s VP of Engineering Neville Samuell recently spoke at the University of Texas at Austin’s Texas McCombs School of Business about privacy engineering and its role in today’s digital landscape. Read a summary of the discussion by Neville himself here.
Learn more about all of the updates in the Fides 2.24 release here.
Ethyca’s Senior Software Engineer Adam Sachs goes through the thought process of creating Fideslang, the privacy engineering taxonomy that standardizes privacy compliance in software development.
Learn more about all of the updates in the Fides 2.23 release here.
Our Senior Software Engineer Dawn Pattison walks you through implementing data minimization into your business.
Learn more about all of the updates in the Fides 2.22 release here.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Request a Demo