After a detailed third-party security audit, Ethyca’s enterprise data privacy platform achieves gold-standard security accreditation.
We are pleased to announce the successful completion of a third-party SOC 2 Type II audit on Ethyca’s enterprise privacy platform. The achievement is the result of our shared commitment to building secure and reliable systems.
Independent reviewers spent months assessing the integrity of our information systems, and we are proud to share that they found zero instances of noncompliance. Companies worldwide depend on Ethyca to treat end-users’ data with the respect they deserve. This accreditation reflects and affirms our dedication to protecting personal data, with regard to not only privacy regulations but also rigorous security standards.
SOC stands for “System and Organization Controls.” The recent audit is classified as SOC 2 to distinguish it from two related but distinct evaluations of an organization’s security practices. Whereas a SOC 2 Type I audit reviews practices at a single point in time, a SOC 2 Type II audit takes place over the course of months. For a software company like Ethyca, SOC 2 Type II compliance is one of the most relevant and respected security achievements in the industry.
Privacy and security are not the same, but they are tightly connected. In fact, strong security is a prerequisite for strong privacy. Privacy is about managing authorized access to information, and security is about protecting against unauthorized access. If a system fails to keep unauthorized agents out, the compromised security undermines any privacy management. (We’ve written more about this distinction here.)
As our platform users know, companies’ personal data stays on their infrastructure when they use Ethyca’s platform to manage users’ consent and rights fulfillment. We recognize our key role in supporting these companies as they implement their end-users’ legal privacy rights. Our customers and their end-users deserve a sturdy foundation for their privacy experience, and Ethyca’s independent security accreditation is a testament to that foundation.
A SOC 2 Type II audit does not happen overnight. An independent, third-party firm carried out the SOC 2 audit over the course of many months. Per the Association of International Certified Professional Accountants, the audit encompassed:
“Detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.”
Among many factors, the audit assessed processes for managing customer data, information security policies, and the extent to which company practices aligned with those policies.
Privacy and security run parallel in numerous ways. For instance, our initiative to bring privacy into the Software Development Life Cycle follows a similar leftward shift that’s occurred in AppSec. Privacy and security are both continuous endeavors. SOC 2 Type II compliance is one important milestone in an ongoing practice of prioritizing security in how we work and how we build software.
Steadfast in our commitment to building trustworthy technology and helping other teams do the same, we continue to prioritize security in our projects like the Fides developer tools. In delivering best-in-class security, we are equipped to provide best-in-class privacy solutions.
Learn more about all of the updates on the Fides 2.20 release here.
Ethyca’s Principal Product Manager Rachel Silver takes you through the privacy intelligence dictionary Fides Compass, and shows how it makes data mapping, consent, and compliance faster and easier than ever.
Fides Compass provides deep intelligence about commonly used third-party vendors to automate data mapping and consent, getting you to a state of global privacy compliance quickly. Learn everything about what Fides Compass does, and how, in this blog post.
Our web developer, Suchi Natarajan, breaks down the Global Privacy Control (GPC) and how to comply with it.
Our VP of Sales, James Frey, breaks down how Ethyca’s privacy solutions bridge the silos between legal and engineering teams.
Read how our VP of Engineering Neville Samuell combines his love for the General Data Protection Regulation (GDPR) and the open-source software community here.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Request a Demo