Ethyca Successfully Completes SOC 2 Type II Audit

Treating User Data with Respect

We are pleased to announce the successful completion of a third-party SOC 2 Type II audit on Ethyca’s enterprise privacy platform. The achievement is the result of our shared commitment to building secure and reliable systems.

Independent reviewers spent months assessing the integrity of our information systems, and we are proud to share that they found zero instances of noncompliance. Companies worldwide depend on Ethyca to treat end-users’ data with the respect they deserve. This accreditation reflects and affirms our dedication to protecting personal data, with regard to not only privacy regulations but also rigorous security standards.

Why SOC 2 Type II Matters

SOC stands for “System and Organization Controls.” The recent audit is classified as SOC 2 to distinguish it from two related but distinct evaluations of an organization’s security practices. Whereas a SOC 2 Type I audit reviews practices at a single point in time, a SOC 2 Type II audit takes place over the course of months. For a software company like Ethyca, SOC 2 Type II compliance is one of the most relevant and respected security achievements in the industry.

Privacy and security are not the same, but they are tightly connected. In fact, strong security is a prerequisite for strong privacy. Privacy is about managing authorized access to information, and security is about protecting against unauthorized access. If a system fails to keep unauthorized agents out, the compromised security undermines any privacy management. (We’ve written more about this distinction here.)

As our platform users know, companies’ personal data stays on their infrastructure when they use Ethyca’s platform to manage users’ consent and rights fulfillment. We recognize our key role in supporting these companies as they implement their end-users’ legal privacy rights. Our customers and their end-users deserve a sturdy foundation for their privacy experience, and Ethyca’s independent security accreditation is a testament to that foundation.

How We Achieved Compliance

A SOC 2 Type II audit does not happen overnight. An independent, third-party firm carried out the SOC 2 audit over the course of many months. Per the Association of International Certified Professional Accountants, the audit encompassed:

“Detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.”

Among many factors, the audit assessed processes for managing customer data, information security policies, and the extent to which company practices aligned with those policies.

What’s Next

Privacy and security run parallel in numerous ways. For instance, our initiative to bring privacy into the Software Development Life Cycle follows a similar leftward shift that’s occurred in AppSec. Privacy and security are both continuous endeavors. SOC 2 Type II compliance is one important milestone in an ongoing practice of prioritizing security in how we work and how we build software.

Steadfast in our commitment to building trustworthy technology and helping other teams do the same, we continue to prioritize security in our projects like the Fides developer tools. In delivering best-in-class security, we are equipped to provide best-in-class privacy solutions.