dotCMS Maintains Effective Security Controls According to 2023 SOC 2 Report
Sep 28, 2023
dotCMS announced that the company has, for the third year in a row, successfully undergone a System and Organization Controls 2 Type II examination (SOC 2 Type II) resulting in a CPA’s report stating that management of dotCMS maintained effective controls over the security, availability, and confidentiality of its dotCMS Cloud system. This report comes with no exceptions, meaning dotCMS underwent a full year without making a single security error or breaking security policies. The engagement was performed by BARR Advisory, P.A.
A SOC 2 report is an internal control report on the services provided by a service organization to its customers and provides valuable information that existing and potential customers of the service organization need to assess and address the risks associated with the outsourced service. Unlike a SOC 2 Type I report, which only assesses a single point in time, a SOC 2 Type II report is more comprehensive, as it measures how effective security controls are over multiple months of standard operation.
Receiving the SOC2 TYPE II certification, alongside their existing ISO 27001 certification, reinforces that dotCMS is committed to protecting its client's critical data and complying with applicable laws and regulations.
“dotCMS has done diligent work in upholding rigorous security, availability, and confidentiality standards under the SOC2 compliance framework,” says Dr. Mehdi Karimi, Director of Cybersecurity at dotCMS. “dotCMS has retained this impeccable standard for the past three years. It's not just about meeting compliance benchmarks; it's about our genuine commitment to protect stakeholders and leading by example in the industry as a safe and secure CMS platform.
Collaborating with such a proactive and responsible team has been both an honor and a testament to what can be achieved with a robust focus on achieving customers’ security demands”
The following principles and related criteria have been developed by the American Institute of CPAs (AICPA) for use by practitioners in the performance of trust services engagements:
Security: The system is protected against unauthorized access (both physical and logical).
Availability: The system is available for operation and use as committed or agreed.
Confidentiality: Information designated as confidential is protected as committed or agreed.
Current and prospective customers interested in a copy of our SOC 2 report may contact their sales or customer success representatives for a copy of the report.
BARR Advisory is a cloud-based security and compliance solutions provider, specializing in cybersecurity consulting and compliance for Software as a Service (SaaS) companies. A trusted advisor to some of the fastest growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements in highly regulated industries including technology, financial services, healthcare, and government.
BARR Advisory services include:
Compliance Program Assistance
SOC 1 Examinations
SOC 2 and 3 Examinations
SOC for Cybersecurity
PCI DSS Assessment Services
ISO 27001 Assessments
FedRAMP Security Assessments
HIPAA and HITECH Services
Penetration Testing and Vulnerability Assessments
Virtual CISO services
dotCMS is a content management system that helps global enterprises with sophisticated content requirements create, manage and deliver content anywhere. The dotCMS platform is best suited for organizations across industries who manage multiple brands, websites, workflows and content types across multiple languages, and need a platform that is secure and scalable for a development team to work with, but also has intuitive editing tools for content and marketing teams to manage their mission-critical content.
Brands such as Dairy Queen, Newell, Greensky, Chewy and Comcast have chosen dotCMS as their primary platform to scale their content operations and empower their marketing teams so they can reduce developer dependency, enabling teams to go-to-market faster, without sacrificing the flexibility and security of their CMS.