Davra is excited to announce that we have obtained our SOC-2 Type 1 report following an independent audit by PWC. An internationally recognised information security standard, SOC-2 adds yet another layer to our compliance ecosystem. In addition to our ISO 9001 and ISO/IEC 27001 certifications, this means our customers can be confident about the security and privacy of the data processed by Davra.

What this means for you

Information security is critical to every organisation, particularly when embarking on an Internet of Things (IoT) initiative. Mishandled data can leave you vulnerable to security breaches, intellectual property theft, extortion, and reputational damage.

When running your business application on an IoT platform such as Davra, you need to know that your data is managed securely. That is why compliance is so important to us.

Data Security

You can trust that your data is protected by comprehensive security measures, ensuring confidentiality, integrity, and availability.

Reduced Risk

By choosing Davra, you are selecting a partner committed to minimising security risks and reducing the potential for data breaches or disruptions.

Streamlined Audits

Our SOC-2 Type 1 report simplifies your compliance process, making it easier to demonstrate your regulatory compliance to your stakeholders.

Inherit strong compliance

We maintain continuous auditability across all our compliance and security standards (opens new window) and are audited multiple times every year by independent auditors. When you are building on the Davra platform, you inherit all these controls. We can also help you analyse particular compliance criteria in your industry, including remediation if needed.

As the IoT industry matures, the verticals within it become more heavily regulated. Davra is a leader in the market in this space and sees compliance as a feature of our platform.

What is SOC-2?

SOC-2 stands for Service Organization Control 2 and is a framework for managing and securing data related to the processing of information by service organisations. It is one of the reports in the SOC (Service Organization Control) series developed by the American Institute of Certified Public Accountants (AICPA) (opens new window).

SOC-2 comprises five trust service criteria (TSC), totalling 64 individual criteria. It focuses on the controls and processes relevant to the security, availability, processing integrity, confidentiality, and privacy of data handled by service providers.

Service providers include companies that provide cloud computing, Software as a Service (SaaS), data hosting, and other services where customer information is processed.

A CPA (Certified Public Accountant) must conduct an independent third-party audit to assess whether the organisation’s systems and processes meet the specified criteria.

What are the criteria for SOC-2?

SOC-2 evaluates five trust service criteria:

• Security: The system is protected against unauthorised access (both physical and logical). Availability: The system is available for operation and use as committed or agreed.
• Processing Integrity: System processing is complete, valid, accurate, timely, and authorised.
• Confidentiality: Information designated as confidential is protected as committed or agreed.
• Privacy: Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice.

What is a Type-1 report?

A SOC-2 Type 1 report is one of the two reports under the SOC-2 framework – the other is “Type 2”.

The Type 1 report assesses whether Davra’s systems and processes are designed to meet the trust service criteria. The evaluation covers a specific date when the assessment took place and provides a snapshot of the organisation’s control environment at that point in time.

The Type 2 report evaluates the operational effectiveness of those controls over an extended period, usually at least six months. This allows the auditor to assess how well the controls operate over time.

Compliance & Davra

Our SOC-2 Type 1 report is just the latest standard that Davra has achieved. Here are some of the other standards that we maintain.

ISO 9001

Davra is independently certified to ISO 9001:2015 by the National Standards Association of Ireland (NSAI). ISO 9001:2015 is a globally recognised standard for quality management systems. Complying with this standard means we examine, streamline, and optimise our processes and operations to deliver customer value. It demonstrates our focus on continuous improvement and providing products and services that adhere to strict quality standards.

ISO 27001

Davra is independently certified to ISO 27001: 2017 by the NSAI. Protecting our customers’ sensitive data is of utmost importance to us. As a proud holder of ISO 27001:2017 accreditation, Davra showcases its robust approach to information security management. This certification assures our clients that we handle their data with utmost confidentiality, integrity, and availability.

While SOC 2 and ISO 27001 both focus on information security and compliance, they have different scopes, requirements, and objectives. SOC 2 is specifically designed for service organisations, while ISO 27001 broadly applies to organisations of all sizes and types.

To learn more about Davra’s compliance standards, see our Compliance page.

Join our Mailing List

Join thousands of professionals and get IoT tips to help you transform your business.

What we did to achieve this

Receiving our SOC-2 Type 1 Report is a huge achievement by the team. It follows months of work, which involved creating a control framework that listed 60+ controls that must be implemented within Davra. Each control was assigned an owner to monitor compliance and provide evidence during an audit.

Writing up the report in tandem with PWC was a rigorous process involving many drafts before reaching the final report. The final draft went through three full reviews by PWC, from junior to senior to partner roles.

Next Steps

Type 2 Certification: We are now working towards SOC-2 Type 2 certification. This will involve ongoing monitoring and testing, ensuring our commitment to security remains steadfast.

Continuous Improvement: As part of our ongoing policy of Continuous improvement, we will continue to invest in our security practices, stay up-to-date with the latest threats, and ensure that compliance and security remain a priority.

Davra welcomes feedback from our customers and partners as we aim to enhance our security measures even further and continue to meet their evolving needs.

For more information about Davra and its security and compliance programs, please reach out via our Contact page.