    Regulatory Compliance

    Overview

    Dremio meets the IT control requirements for several compliance frameworks and certifications, as described below.

    SOC 2 Type II Report

    Dremio maintains compliance with the American Institute of Certified Public Accountants (AICPA) System and Organization Controls - Trust Services Criteria, commonly known as SOC 2.

    Our SOC 2 Type II report is available upon request, with the signing of an NDA. Please contact your account/sales representative for more information.

    Key Benefits

    SOC 2 Type II reports provide an in-depth analysis of cloud service providers regarding the safeguards a company uses to protect customer data and how these controls are performing overall. These reports are issued by independent, third-party auditors and cover the key points of Security, Availability, Confidentiality, and Privacy.

    This independent assessment of Dremio Cloud provides a detailed report regarding the environments used to provide security and privacy of customer data overall. The report provides descriptions of these controls, the tests performed to assess their effectiveness, the results of those tests, and an overall opinion regarding the design and operational effectiveness of the environments.

    ISO 27001 Certification (Pending)

    Dremio expects to receive its ISO 27001:2013 compliance (information security management) certification in May 2022.

    Key Benefits

    ISO 27001:2013 certification demonstrates that Dremio employs a comprehensive framework of legal, physical, and technical controls for information risk management.

    GDPR Compliance

    Dremio is compliant with the storage and security of its data according to Article 27 of the General Data Protection Regulation (GDPR). Please see Dremio’s Privacy Policy for additional information regarding our appointed European Data Protection Office (EDPO) in the EU.

    Key Benefits

    Specific regulations in the European Union require companies to maintain compliance with GDPR. GDPR governs the way user data is stored, processed, and utilized on Dremio Cloud. Specifically, it prevents the exploitation of user data and standardizes the data protection laws that services must follow throughout Europe.

    CCPA Compliance

    Dremio maintains compliance with the California Consumer Privacy Act (CCPA), which regulates the handling of personal data and prevents any unauthorized use or sale. Please see Dremio’s Privacy Notice For California Residents for additional information.

    Key Benefits

    Adherence to CCPA by an organization ensures that California residents have the right to opt out of having their data sold to third parties, request disclosure of data collected, and request deletion of said data.