When you launch a cybersecurity startup, one of the most important priorities is to hold your product, people, and business processes to the highest standards of information security. Not only do most customers expect it, but it is the kind of culture you should drive internally. A cybersecurity product comes with risks that you are expected to manage continuously.
Protecting our product, customers, and employee data is the most important objective.
Therefore, we started the DoControl Security & Compliance program from day one. Our people understand that customer data protection is a top priority. Our product is built with dozens of security controls from the ground up. Our production environment is monitored, tested, and measured 24/7, even as you read this post. Most importantly, we engage multiple third-party security consultants, security vendors, and top certified auditors to put our security & compliance program to the test.
Today, we’re excited to announce that DoControl is now SOC 2 Type II certified.
Here’s a full list of our security & compliance achievements:
This report is intended to meet the needs of a broad range of users who need detailed information and assurance about the controls at a service organization relevant to the security, availability, and processing integrity of the systems it uses to process users’ data, and to the confidentiality and privacy of the information processed by those systems. These reports can play an important role in:
Learn more on the official AICPA documentation.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
Learn more on the official ISO documentation.
The Consensus Assessments Initiative Questionnaire (CAIQ) v3.1 offers an industry-accepted way to document which security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It provides a set of Yes/No questions that a cloud consumer or cloud auditor may wish to ask a cloud provider in order to ascertain its compliance with the Cloud Controls Matrix (CCM).
The questionnaire therefore helps cloud customers gauge the security posture of prospective cloud service providers and determine whether their cloud services are suitably secure. CAIQ v3.1 is a minor update to the previous CAIQ v3.0.1. In addition to improving clarity and accuracy, it also supports better auditability of the CCM controls. The updated version aims not only to correct errors but also to align and improve the semantics of unclear questions for the corresponding CCM v3.0.1 controls. In total, 49 new questions were added, and 25 existing ones were revised.
Learn more on the official Cloud Security Alliance CAIQ documentation.
The AWS Foundational Technical Review (FTR), formerly known as the Technical Baseline Review, enables you to identify and remediate risks in your products or solutions. The FTR requires you to meet a specific set of requirements based on the AWS Well-Architected Framework, to ensure that your solutions follow AWS best practices for security, reliability, and operational excellence.
The FTR is led by an AWS Partner Solutions Architect (PSA) in a one-on-one engagement. You can conduct an FTR at no cost. AWS Partners can prepare for an FTR by completing an AWS Well-Architected Review with the Foundational Technical Review Lens. All AWS Partners are highly encouraged to conduct an FTR to mitigate workload risks and deliver positive customer outcomes.
Successful completion of an FTR enables you to earn a "Reviewed by AWS" solutions badge, unlock funding benefits, and become eligible for various AWS Partner Programs. An FTR is valid for two years from the date of successful completion.
Learn more on the official AWS documentation.
We will continue to go above and beyond to protect our customers’ data, as this is a continuous effort, not a one-off investment. In the meantime, we encourage you to challenge our security & compliance program and share any feedback by reaching out to email@example.com.