DoControl is now SOC2 type II certified
Compliance

DoControl is now SOC2 type II certified

Adam Gavish
April 16, 2021

When you launch a cybersecurity startup, one of the most important priorities is to hold your product, people, and business processes to the highest standards around information security. Not only is it expected by most customers, but it’s the kind of culture you should drive internally. Your cybersecurity product comes with risks that you’re expected to manage continuously. 

Protecting our product, customers, and employee data is the most important objective.

Therefore, we started the DoControl Security & Compliance program from day 1. Our people understand that customer data protection is a top priority. Our product is built with dozens of security controls from the ground up. Our production environment is being monitored, tested, and measured 24/7 even as you read this post. Most importantly, we leverage multiple 3rd party security consultants, security vendors, and top certified auditors to put our security & compliance program to the test.

Today, we’re excited to announce that DoControl is now SOC2 type II certified.

Here’s a full list of our security & compliance achievements:

SOC2 type II certified

This report is intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes

Learn more on the official AICPA documentation.

ISO 27001 certified

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature. 

Learn more on the official ISO documentation.

Cloud Security Alliance CAIQ self-assessment published

The Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix (CCM).   

Therefore, it helps cloud customers to gauge the security posture of prospective cloud service providers and determine if their cloud services are suitably secure. CAIQ v3.1 represents a minor update to the previous CAIQ v3.0.1. In addition to improving the clarity and accuracy, it also supports better auditability of the CCM controls. The new updated version aims to not only correct errors but also appropriately align and improve the semantics of unclear questions for corresponding CCM v3.0.1 controls. In total, 49 new questions were added, and 25 existing ones were revised.   

Learn more on the official Cloud Security Alliance CAIQ documentation

Reviewed by AWS

The AWS Foundational Technical Review (FTR), formerly known as Technical Baseline Review, enables you to identify and remediate risks in your products or solutions. The FTR requires you to meet a specific set of requirements based on the AWS Well-Architected Framework to ensure that your solutions follow AWS best practices related to security, reliability, and operational excellence.

The FTR is led by an AWS Partner Solutions Architect (PSA) in a one-on-one engagement. You can conduct an FTR at no cost. AWS Partners can prepare for an FTR by completing an AWS Well-Architected Review with the Foundational Technical Review Lens. All AWS Partners are highly encouraged to conduct an FTR to mitigate workload risks and deliver positive customer outcomes.

Successful completion of an FTR enables you to earn a "Reviewed by AWS" solutions badge, unlock funding benefits, and become eligible for various AWS Partner Programs. An FTR is valid for two years from the date of successful completion.

Learn more on the official AWS documentation.

Conclusion 

We will continue to go above and beyond to protect our customers data as this is a continuous effort, not a one-off investment. In the meantime, we encourage you to challenge our security & compliance program and suggest any feedback by reaching out to security@docontrol.io.

The SaaS Security Threat Landscape Report

Research-based benchmarks to assess risk across critical threat model

Read now
DoControl - SaaS data access control - open blog button
Get updates to your inbox
Our latest tips, insights, and news
Follow DoControl on social media
DoControl - SaaS data access control - Linkedin logoDoControl - SaaS data access control - Twitter logo
Related Posts
SaaS Security Posture Management (SSPM) for Enterprises
Corey O'Connor
March 21, 2023

Read more
DoControl - SaaS data access control - open blog button
Customer Spotlight: How Finaro Leverages DoControl to Prevent PCI Data Leakage
Corey O'Connor
March 9, 2023

Read more
DoControl - SaaS data access control - open blog button
Data is the NEW Endpoint: Why Data Security is Critical Now More Than Ever
Corey O'Connor
February 22, 2023

Read more
DoControl - SaaS data access control - open blog button
Platform
Platform Overview
SaaS Asset Management
Continuous Monitoring
Automated Security Workflows
Integrations
Use Cases
Data Access Control
SaaS DLP
Shadow Application Governance
Insider Risk Management
Incident Response
Compliance Enablement
Security
ISO 27001
SOC2 type II
CSA CAIQ
Resources
Product whitepaper
Security whitepaper
Use Cases whitepaper
Solution brief
Blog
Collateral
Webinars
Events
Videos
FAQ
Company
About
Customers
Partner with us
News
Press Releases
Careers - We’re Hiring
Security
Services Support
Terms of use
Privacy Policy
Contact
Contact us
Get a demo
Free Risk Assessment
DoControl - SaaS data access control - Linkedin logoDoControl - SaaS data access control - Twitter logo
AWS Partner Network reviewedGDPR readyGDPR ready
DoControl | 333 West 39th St #403, New York, NY 10018 | © 2023 DoControl, Inc. All Rights Reserved