After a detailed third-party security audit, Ethyca’s enterprise data privacy platform achieves gold-standard security accreditation.
We are pleased to announce the successful completion of a third-party SOC 2 Type II audit on Ethyca’s enterprise privacy platform. The achievement is the result of our shared commitment to building secure and reliable systems.
Independent reviewers spent months assessing the integrity of our information systems, and we are proud to share that they found zero instances of noncompliance. Companies worldwide depend on Ethyca to treat end-users’ data with the respect they deserve. This accreditation reflects and affirms our dedication to protecting personal data, with regard to not only privacy regulations but also rigorous security standards.
SOC stands for “System and Organization Controls.” The recent audit is classified as SOC 2 to distinguish it from two related but distinct evaluations of an organization’s security practices. Whereas a SOC 2 Type I audit reviews practices at a single point in time, a SOC 2 Type II audit takes place over the course of months. For a software company like Ethyca, SOC 2 Type II compliance is one of the most relevant and respected security achievements in the industry.
Privacy and security are not the same, but they are tightly connected. In fact, strong security is a prerequisite for strong privacy. Privacy is about managing authorized access to information, and security is about protecting against unauthorized access. If a system fails to keep unauthorized agents out, the compromised security undermines any privacy management. (We’ve written more about this distinction here.)
As our platform users know, companies’ personal data stays on their infrastructure when they use Ethyca’s platform to manage users’ consent and rights fulfillment. We recognize our key role in supporting these companies as they implement their end-users’ legal privacy rights. Our customers and their end-users deserve a sturdy foundation for their privacy experience, and Ethyca’s independent security accreditation is a testament to that foundation.
A SOC 2 Type II audit does not happen overnight. An independent, third-party firm carried out the SOC 2 audit over the course of many months. Per the Association of International Certified Professional Accountants, the audit encompassed:
“Detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.”
Among many factors, the audit assessed processes for managing customer data, information security policies, and the extent to which company practices aligned with those policies.
Privacy and security run parallel in numerous ways. For instance, our initiative to bring privacy into the Software Development Life Cycle follows a similar leftward shift that’s occurred in AppSec. Privacy and security are both continuous endeavors. SOC 2 Type II compliance is one important milestone in an ongoing practice of prioritizing security in how we work and how we build software.
Steadfast in our commitment to building trustworthy technology and helping other teams do the same, we continue to prioritize security in our projects like the Fides developer tools. In delivering best-in-class security, we are equipped to provide best-in-class privacy solutions.