After an independent auditor analyzed Ethyca’s security controls over the course of 12 months, Ethyca achieved SOC 2 Type II compliance for the second year in a row.
Ethyca completed its second SOC 2 Type II audit with the highest marks. This most recent audit lasted one year, from November 2021 to October 2022. The design and performance of roughly 70 security controls were examined throughout the year, and we achieved an unqualified result with no exceptions.
We are thrilled to announce this great news to everyone. We’d also like to explain what this means for you and how it will influence Ethyca moving forward.
Let’s quickly describe what’s so important about finishing this audit in the first place.
A SOC 2 Type II audit is an independent review of a company’s security practices. SOC stands for “System and Organization Controls.” The audit we completed is categorized as a SOC 2 Type II audit. A Type II audit takes months to complete, whereas a Type I audit evaluates a business’s security practices at a single point in time. For a software company like Ethyca, achieving SOC 2 Type II compliance is one of the most relevant and respected security accomplishments in the industry.
As described in the fifth principle of Privacy by Design, end-to-end security is an essential component of protecting user data. Passing the SOC 2 Type II audit affirms that Ethyca has been engaging in industry-standard privacy and security best practices.
Our first audit lasted from June to October 2021, and we have maintained those security practices since. This year’s independent audit examined the design and operating effectiveness of roughly 70 security controls at Ethyca. We achieved an unqualified opinion with zero exceptions, which is the best result for this type of audit.
As a company that believes in the importance of data privacy, it’s imperative that we are held to high standards as well. Retaining our SOC 2 Type II accreditation for a second year demonstrates Ethyca’s commitment to security and privacy for our customers. You don’t just have to take our word for it – you have an official independent auditor’s approval.
Ethyca will continue our commitment to building secure and reliable systems that protect user data. Companies worldwide depend on Ethyca to treat end-users’ data respectfully as a basic human right. This accreditation reflects and affirms our dedication to protecting personal data, with regard to not only privacy regulations but also rigorous security standards.
We are proud to have upheld these data privacy and security principles for the past two years and will strive to continue doing so in the future.