SAN FRANCISCO, DECEMBER 08, 2022
Decodable, the real-time data engineering company, announced today that it has achieved GDPR compliance in accordance with AT-C 315, with criteria established by the American Institute of Certified Public Accountants. Decodable handles customer data with the highest standards for security and compliance, as is confirmed by this industry validation.
The audit was completed by Prescient Assurance, a leader in security and compliance attestation for B2B SaaS companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada and provides risk management and assurance services, which include but are not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA and CSA STAR. For more information about Prescient Assurance, you may reach out to them at info@prescientassurance.com.
“It’s important that our customers know Decodable has secured the industry standards that demonstrate our commitment to properly handling the data in their care,” said Eric Sammer, founder and CEO of Decodable. “For that reason, we actively pursue respected attestations like SOC 2 Types I and II, and now GDPR. These standards and the rigorous audits they require are table stakes as we scale enterprise adoption of our streaming data platform.”
To see a copy of the Independent Service Auditor’s Report on Controls Relevant to GDPR Compliance for Decodable, and for more information on how Decodable manages security, please visit https://www.decodable.co/security.
About Decodable’s Information Security Program
The Decodable Information Security Program complies with SOC 2 Types I and II and GDPR in accordance with AT-C 315. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants. The General Data Protection Regulation (GDPR) is the regulation in EU law on data protection and privacy in the European Union and European Economic Area. Relevant reports can be requested from security@decodable.co.
Decodable undergoes independent third-party assessments to test our security and compliance controls. The company performs an independent third-party penetration test at least annually to ensure that the security posture of services remains uncompromised. Roles and responsibilities related to the security program and the protection of customer data are well defined and documented, and team members are required to review and accept all of the security policies.
Decodable data is hosted on Amazon Web Services (AWS), with databases and storage services located in the United States and encrypted at rest. Applications encrypt data in transit with TLS 1.2+. Access to cloud infrastructure and other sensitive tools is limited to authorized Decodable employees who require it for their roles. Where available, Decodable has Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to cloud services is protected. Decodable performs vulnerability scanning and actively monitors and logs various cloud services for threats. Employees complete security awareness training, and are required to complete background checks and accept an industry standard confidentiality agreement.
About Decodable
Decodable’s mission is to make streaming data engineering easy. Decodable delivers the first real-time data engineering service that anyone can run. As a serverless platform for real-time data ingestion, integration, analysis and event-driven service development, Decodable eliminates the need for a large data team, clusters to set up or complex code to write. The company is backed by Bain Capital Ventures and Venrock. To learn more, please visit https://www.decodable.co/