Compliance Reports Availability
Different team tiers have access to the following compliance certifications:| Certification Type | Free / Sandbox | Professional | Enterprise |
|---|---|---|---|
| SOC 2 Type I Report | - | ✅ | ✅ |
| SOC 2 Type II Report | - | - | ✅ |
| ISO 27001:2022 Certificate | - | - | ✅ |
| GDPR Data Protection Agreement | ✅ | ✅ | ✅ |
For access to higher-level compliance certifications, please upgrade your team on the Pricing page.The following explains how to obtain various compliance certification reports.
SOC 2 Type I Report
A SOC 2 Type I report is a third-party audit report that evaluates and confirms the design and implementation of an organization’s security controls at a specific point in time. SOC 2, which stands for System and Organization Controls 2, is a set of criteria for managing and protecting data based on five trust service principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. The Type I report specifically assesses whether an organization has appropriate controls in place to meet the relevant criteria at the time of the audit. Only team owners can download Dify’s SOC 2 Type I report via Top-right → Compliance.
SOC 2 Type II Report
A SOC 2 Type II report is a third-party audit report that evaluates and confirms the design and implementation of an organization’s security controls over a specified period. SOC 2, which stands for System and Organization Controls 2, is a set of criteria for managing and protecting data based on five trust service principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. The Type II report provides detailed insights into how well an organization’s security controls work over time, giving stakeholders confidence that the organization consistently adheres to industry standards for managing sensitive data. Only team owners can download Dify’s SOC 2 Type I report via Top-right → Compliance.
ISO 27001: 2022 Certificate
The ISO 27001:2022 certificate is an internationally recognized standard for information security management systems (ISMS). It is part of the ISO/IEC 27000 family of standards, which focuses on protecting sensitive information through a comprehensive set of security controls. The ISO 27001:2022 standard is designed to help organizations establish, implement, maintain, and continually improve their information security management system. The 2022 version of the standard reflects the latest updates and best practices in information security, aligning with current security challenges and technological advancements. It provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability through the implementation of risk management and security controls.
GDPR Data Protection Agreement
A Data Protection Agreement (DPA) is a legally binding contract between a data controller and a data processor under the General Data Protection Regulation (GDPR). The GDPR, which came into effect in May 2018, sets out the legal framework for data protection within the European Union (EU), and applies to organizations that process personal data of EU residents. A DPA is required when a data controller engages a third-party processor to handle personal data, ensuring that both parties are in compliance with GDPR obligations and safeguarding the rights of individuals whose data is being processed. Everyone can Download Dify’s DPA in our official website.
Edit this page | Report an issue