Domino Receives SOC 2 Type II Certification

Thomas Robinson2020-05-28 | 5 min read

Return to blog home

By Thomas Robinson, VP of Strategic Partnerships & Initiatives, Domino on May 28, 2020 in Product Updates

Data science is a critical capability for sophisticated enterprises, utilizing their most sensitive data about operations, customers, services, and products. Without accessing and using that core data to build models, the results of data science work are far less valuable. Furthermore, once developed, the intellectual property encoded in those models is an incredibly valuable asset that needs to be protected.

With 95% of CIOs expecting cybersecurity threats to increase and impact their organizations, keeping data and models secure is a top concern for IT departments.1

Domino takes our operational and technical security very seriously. As such, we’re pleased to announce that an independent third-party auditor has certified our platform to be SOC 2 Type II compliant with industry best practices for information security.

SOC 2 Trust Services Criteria

The System and Organization Controls (SOC) framework was developed by the American Institute of CPAs (AICPA). It outlines a range of security controls for organizations that span not only technology, but also organization processes. Its criteria, or “trust services,” comprise five key areas that can be assessed:

  • Security: Companies must take the proper steps to prevent unauthorized access to their systems, data, etc. Two-factor authentication, intrusion detection, and firewalls are common practices.
  • Availability: Companies must make a reasonable attempt to keep their system highly available and fault-tolerant. They must have a documented plan for disaster recovery and incident handling.
  • Processing Integrity: All transactions must be processed quickly and accurately, with no unauthorized processing.
  • Confidentiality: Confidential or proprietary data must be protected according to the standards documented in their service agreements. In many cases, this means the data must be encrypted in-flight and/or destroyed when no longer needed.
  • Privacy: All personal information must be handled in accordance with mandated privacy regulations (e.g. GDPR in Europe, LGPD in Brazil) and as stipulated in service agreements or privacy notices.

There are two types of SOC reports. Type I reports describe how a vendor’s systems comply with the relevant trust services above at a single point in time. Type II reports (which are much more thorough and useful to a potential customer) detail how well the trust services actually work in practice.

The SOC 2 Type II certification is conducted by an independent auditor who is a registered CPA. The auditor performs a detailed review of both the description of the controls a vendor has implemented and the operational effectiveness of those controls over a time period (usually several months or a year). This ensures that the controls are both comprehensive and that they are operationally sound, not simply an effort to “check-the-box”.

Why is SOC 2 Certification Important?

A SOC2 Type II compliance means Domino has in place industry-standard, well-defined security policies, procedures, and practices. The process to obtain the certification took place over the past year, allowing us to assert that our existing security practices were sufficiently robust while receiving suggestions for making our processes even stronger.

Relying on a software vendor for your data science platform has many benefits over building a platform yourself. Domino has seen manifold use cases and varying business problems which, as a result of many years of product development, have solutions baked into our product. Building your own solution is likely to barely skim the surface of your total needs and cost a lot of time and money to develop.

More importantly, the illusion of security from build-your-own software is appealing, but misguided. In the same way we’ve developed a comprehensive solution, Domino has spent years working on the security of our product and development organization. Without knowing that you can rely on a solution to implement appropriate security measures, you may inadvertently be vulnerable to data breaches, rogue malware, and bad actors.

By doing business with vendors that are SOC 2 Type II certified, IT teams can rest assured that they are working with vendors that have security controls and practices in place to ensure the security of their data, intellectual property, and brand.

For Domino customers, a letter from our auditor attesting to our SOC 2 Type II certification is available from your Customer Success Manager.

1 Gartner CIO Agenda 2019

Twitter Facebook Gmail Share

Thomas Robinson is the VP of Strategic Partnerships and Corporate development at Domino, where he's responsible for building Domino's partner ecosystem, developing offerings providing differentiated value to partners. He previously acted as Domino's chief people officer, responsible for building an organization to unleash data science to address the world's most important challenges. Prior to Domino, Thomas worked at Bridgewater Associates, driving strategic transformation efforts, first as a director in Bridgewater's Core Technology Department to define the next generation of enterprise architecture, and then as a general manager focused on recruiting and retaining technical talent.

RELATED TAGS

SHARE