Regulatory Compliance

Dremio meets the IT control requirements for several compliance frameworks and certifications, as described below.

SOC 2 Type II Report

Dremio maintains compliance with the American Institute of Certified Public Accountants (AICPA) System and Organization Controls - Trust Services Criteria, commonly known as SOC 2.

Key Benefits

SOC 2 Type II reports provide an in-depth analysis of cloud service providers regarding the safeguards a company uses to protect customer data and how these controls are performing overall. These reports are issued by independent, third-party auditors and cover the key points of Security, Availability, Confidentiality, and Privacy.

This independent assessment of Dremio Cloud provides a detailed report regarding the environments used to provide security and privacy of customer data overall. The report provides descriptions of these controls, the tests performed to assess their effectiveness, the results of those tests, and an overall opinion regarding the design and operational effectiveness of the environments.

ISO 27001 Certification

ISO 27001 is an internationally recognized specification for an Information Security Management System (ISMS). ISO 27001 is the only auditable standard that deals with the overall management of information security, rather than just which technical controls to implement.

Key Benefits

Obtaining ISO 27001:2013 certification demonstrates that Dremio employs a comprehensive framework of legal, physical, and technical controls for information risk management.

GDPR Compliance

Dremio is compliant with the storage and security of its data according to Article 27 of the General Data Protection Regulation (GDPR). Please see Dremio's Privacy Policy for additional information regarding our appointed European Data Protection Office (EDPO) in the EU.

Key Benefits

Within the European Union, specific regulations require companies to maintain compliance with GDPR. This governs the way user data is stored, processed, and utilized on Dremio Cloud. Specifically, this prevents the exploitation of user data and standardizes the data protection laws that services must follow throughout Europe.

CCPA Compliance

Dremio maintains compliance with the California Consumer Privacy Act (CCPA), which regulates the handling of personal data and prevents any unauthorized use or sale. Please see Dremio's Privacy Notice For California Residents for additional information.

Key Benefits

Adherence to CCPA by an organization ensures that California residents have the right to opt out of having their data sold to third parties, request disclosure of data collected, and request deletion of said data.

HIPAA Compliance

Dremio is compliant with the Health Insurance Portability and Accountability Act (HIPAA), a series of federal regulatory standards that outline the lawful use and disclosure of protected health information in the United States. HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

Key Benefits

Adherence to HIPAA ensures that healthcare providers, health plans, healthcare clearinghouses, and business associates of HIPAA-covered entities implement multiple safeguards to protect sensitive personal and health information.