ABBYY is an industry leader in developing Digital Intelligence solutions. A part of that mission is a responsibility to our clients to protect customer data.
Developing innovative products may be our core business, but your trust in us is fundamental to our success. After all, technology is of lesser value if it can’t be trusted. That is precisely the reason we are committed to delivering the highest standards of security.
But don’t take our word for it.
Below we explore SOC 2 Type 1 and Type 2 certifications, their significance, and the third-party audits we commissioned to verify our SOC 2 compliance.
What is SOC 2?
The System and Organization Controls (SOC) 2 is one of three reports available under the SOC framework, defined by the American Institute of Certified Public Accountants (AICPA). It is designed to ensure that third-party service providers (Service organizations) can securely manage data to protect the interests and privacy of their clients.
SOC 2 compliance verifies the existence and effectiveness of security controls relevant to Trust Service Principles (TSPs) of Confidentiality, Availability, Processing Integrity, Privacy, and Security.
There are two SOC 2 reports: Type 1 and Type 2.
- Type 1 describes the Service Organization’s systems and evaluates whether they can meet the TSPs as of a specified date.
- Type 2 details the operational effectiveness of those systems throughout a disclosed period.
Why is SOC 2 important?
Clients often require vendors, especially SaaS providers, to certify protection and ensure client data privacy. When meeting with existing and potential clients, we are frequently asked about our information security policies and procedures, how we protect and control access to data, and how we track and respond to incidents. While we are confident of our controls, the independent, third-party SOC 2 reports validate our security and provide assurance to our clients.
Over the past few years, particularly in preparation for GDPR, we have matured our information security program with the aim of forming a robust information security and privacy ecosystem. SOC 2 audits have complemented this effort greatly.
Which ABBYY products are SOC2 Type 1, Type 2 certified?
We are proud to share that we have passed our SOC 2 audits and have been awarded SOC 2 reports for the following products.
|ABBYY Cloud OCR SDK||SOC 2 Type 2|
|ABBYY FlexiCapture Cloud||SOC 2 Type 2|
|ABBYY Timeline||SOC 2 Type 2|
|ABBYY Vantage||SOC 2 Type 1|
These reports demonstrate ABBYY’s commitment to protecting our client’s data.
The auditors concluded the controls were fully designed to provide absolute assurance that ABBYY’s service commitments and system requirements would be achieved based on the applicable trust services criteria.
SOC 2 reports are available upon request and a signed NDA. To request a SOC 2 report, which includes scope, methodology, and findings, please contact us at firstname.lastname@example.org.
Additionally, all of our on-premises solutions do not share any personal or commercial data that are digitized and analyzed by customers. Customers have complete control of such data while using our on-premises solutions. ABBYY cloud solutions use trusted service providers, strict access control, and strong encryption. Furthermore, ABBYY is compliant with applicable regulations regarding commercial and personal data use, such as GDPR and CCPA.
Our commitment to information security and privacy is part of our overall global initiative to promote the development of trustworthy artificial intelligence (AI) technology. As AI becomes ubiquitous across enterprise high-value and large-scale uses and more open source tools become available for digitizing data, the ethical use of accessing and training data is imperative. ABBYY made public its core guiding principles on developing, maintaining, and promoting trustworthy AI technologies, which can be found at ABBYY’s Approach to Trustworthy AI.