Dremio meets the IT control requirements for several compliance frameworks and certifications, as described below.
SOC 2 Type II Report
Dremio maintains compliance with the American Institute of Certified Public Accountants (AICPA) System and Organization Controls - Trust Services Criteria, commonly known as SOC 2.
Our SOC 2 Type II report is available upon request, with the signing of an NDA. Please contact your account/sales representative for more information.
SOC 2 Type II reports provide an in-depth analysis of cloud service providers regarding the safeguards a company uses to protect customer data and how these controls are performing overall. These reports are issued by independent, third-party auditors and cover the key points of Security, Availability, Confidentiality, and Privacy.
This independent assessment of Dremio Cloud provides a detailed report regarding the environments used to provide security and privacy of customer data overall. The report provide descriptions of these controls, the tests performed to assess their effectiveness, the results of said tests, and then an overall opinion regarding the design and operational effectiveness of the environments.
ISO 27001 Certification (Pending)
Dremio expects to receive its ISO 27001:2013 compliance (information security management) certification in May 2022.
Obtaining ISO 27001:2013 certification for a company demonstrates that Dremio employs a comprehensive framework of controls spanning legal, physical, and technical controls for information risk management.
As part of the European Union, specific regulations exist that require companies to maintain compliance with GDPR. This governs the way user data is stored, processed, and utilized on Dremio Cloud. Specifically, this prevents the exploitation of user data and standardizes the data protection laws that services must follow throughout Europe.
Dremio maintains compliance with the California Consumer Privacy Act (CCPA), which regulates the handling of personal data and prevents any unauthorized use or sale. Please see Dremio’s Privacy Notice For California Residents for additional information.
Adherence to CCPA by an organization ensures that California residents have the right to opt out of having their data sold to third parties, request disclosure of data collected, and request deletion of said data.