After a detailed third-party security audit, Ethyca’s enterprise data privacy platform achieves gold-standard security accreditation.
We are pleased to announce the successful completion of a third-party SOC 2 Type II audit on Ethyca’s enterprise privacy platform. The achievement is the result of our shared commitment to building secure and reliable systems.
Independent reviewers spent months assessing the integrity of our information systems, and we are proud to share that they found zero instances of noncompliance. Companies worldwide depend on Ethyca to treat end-users’ data with the respect they deserve. This accreditation reflects and affirms our dedication to protecting personal data, with regard to not only privacy regulations but also rigorous security standards.
SOC stands for “System and Organization Controls.” The recent audit is classified as SOC 2 to distinguish it from two related but distinct evaluations of an organization’s security practices. Whereas a SOC 2 Type I audit reviews practices at a single point in time, a SOC 2 Type II audit takes place over the course of months. For a software company like Ethyca, SOC 2 Type II compliance is one of the most relevant and respected security achievements in the industry.
Privacy and security are not the same, but they are tightly connected. In fact, strong security is a prerequisite for strong privacy. Privacy is about managing authorized access to information, and security is about protecting against unauthorized access. If a system fails to keep unauthorized agents out, the compromised security undermines any privacy management. (We’ve written more about this distinction here.)
As our platform users know, companies’ personal data stays on their infrastructure when they use Ethyca’s platform to manage users’ consent and rights fulfillment. We recognize our key role in supporting these companies as they implement their end-users’ legal privacy rights. Our customers and their end-users deserve a sturdy foundation for their privacy experience, and Ethyca’s independent security accreditation is a testament to that foundation.
A SOC 2 Type II audit does not happen overnight. An independent, third-party firm carried out the SOC 2 audit over the course of many months. Per the Association of International Certified Professional Accountants, the audit encompassed:
“Detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.”
Among many factors, the audit assessed processes for managing customer data, information security policies, and the extent to which company practices aligned with those policies.
Privacy and security run parallel in numerous ways. For instance, our initiative to bring privacy into the Software Development Life Cycle follows a similar leftward shift that’s occurred in AppSec. Privacy and security are both continuous endeavors. SOC 2 Type II compliance is one important milestone in an ongoing practice of prioritizing security in how we work and how we build software.
Steadfast in our commitment to building trustworthy technology and helping other teams do the same, we continue to prioritize security in our projects like the Fides developer tools. In delivering best-in-class security, we are equipped to provide best-in-class privacy solutions.
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team at Ethyca attended the PEPR 2022 Conference in Santa Monica live and virtually between June 23rd and 24th. We compiled three main takeaways after listening to so many great presentations about the current state of privacy engineering, and how the field will change in the future.
For privacy engineers to build privacy directly into the codebase, they need agreed-upon definitions for translating policy into code. Ethyca CEO Cillian unveils an open source system to standardize definitions for personal data living in the tech stack.
Masking data is an essential part of modern privacy engineering. We highlight a handful of masking strategies made possible with the Fides open-source platform, and we explain the difference between key terms: pseudonymization and anonymization.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Book a Demo