Back

dotCMS Maintains Effective Security Controls According to SOC 2 Report

Oct 25, 2021

Miami, FL - October 19, 2021 – Today, dotCMS announced that the company has successfully undergone a System and Organization Controls 2 Type II examination (SOC 2 Type II) resulting in a CPA’s report stating that management of dotCMS maintained effective controls over the security, availability, and confidentiality of its dotCMS Cloud system. The engagement was performed by BARR Advisory, P.A.

A SOC 2 report is an internal control report on the services provided by a service organization to its customers and provides valuable information that existing and potential customers of the service organization need to assess and address the risks associated with the outsourced service. Unlike a SOC 2 Type I report, which only assesses a single point in time, a SOC 2 Type II report is more comprehensive, as it measures how effective security controls are over multiple months of standard operation.

SOC2 Type II

“We are pleased that our SOC 2 report has shown we have instituted and maintained the appropriate controls over time and that we have effectively mitigated risks related to our customers security, availability, and confidentiality’, said Will Ezell, Chief Technology Officer.

The report reflects the hard work that our engineering and administrative teams have put in over the past year in securing and maturing our services and cloud offerings.

The following principles and related criteria have been developed by the American Institute of CPAs (AICPA) for use by practitioners in the performance of trust services engagements:

  • Security: The system is protected against unauthorized access (both physical and logical).
  • Availability: The system is available for operation and use as committed or agreed.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.

Current and prospective customers interested in a copy of our SOC 2 report may contact their sales or customer success representatives for a copy of the report.

About BARR Advisory

BARR Advisory is a cloud-based security and compliance solutions provider, specializing in cybersecurity consulting and compliance for Software as a Service (SaaS) companies. A trusted advisor to some of the fastest growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements in highly regulated industries including technology, financial services, healthcare, and government.

  • BARR Advisory services include:
  • Compliance Program Assistance
  • SOC 1 Examinations
  • SOC 2 and 3 Examinations
  • SOC for Cybersecurity
  • PCI DSS Assessment Services
  • ISO 27001 Assessments
  • FedRAMP Security Assessments
  • HIPAA and HITECH Services
  • Penetration Testing and Vulnerability Assessments
  • Virtual CISO services

Barr Advisory

About dotCMS

dotCMS is the most agile, scalable and secure content management system for enterprise. Built on leading Java technology, dotCMS is an open-source, hybrid-headless content management system that gives developers the flexibility of a headless CMS while equipping marketers with no-code visual content authoring.  Whether you're building a network of global websites, an employee intranet, customer portal, or single page web application, dotCMS helps you manage content, images, and assets in one centralized location and deliver them to any channel.

Founded in 2003, dotCMS is a privately held US company with a global network of certified development partners and an active open source community. dotCMS has generated millions of downloads and more than 100,000 implementations and integration projects worldwide. Notable customers include: Telus, Standard & Poors, Hospital Corporation of America, Royal Bank of Canada, Comcast, Thomson Reuters, Dairy Queen, City Furniture, Varo Bank, Lennox International, Firstmac and Newell Brands.