ABBYY’s Commitment to Highest Standards of Information Security

ABBYY is an industry leader in developing Digital Intelligence solutions. A part of that mission is a responsibility to our clients to protect customer data.

Developing innovative products may be our core business, but your trust in us is fundamental to our success. After all, technology is of lesser value if it can’t be trusted. That is precisely the reason we are committed to delivering the highest standards of security.

But don’t take our word for it.

Below we explore SOC 2 Type 1 and Type 2 certifications, their significance, and the third-party audits we commissioned to verify our SOC 2 compliance.

What is SOC 2?

The System and Organization Controls (SOC) 2 is one of three reports available under the SOC framework, defined by the American Institute of Certified Public Accountants (AICPA). It is designed to ensure that third-party service providers (Service organizations) can securely manage data to protect the interests and privacy of their clients.

SOC 2 compliance verifies the existence and effectiveness of security controls relevant to Trust Service Principles (TSPs) of Confidentiality, Availability, Processing Integrity, Privacy, and Security.

There are two SOC 2 reports: Type 1 and Type 2.

  • Type 1 describes the Service Organization’s systems and evaluates whether they can meet the TSPs as of a specified date.
  • Type 2 details the operational effectiveness of those systems throughout a disclosed period.

Why is SOC 2 important?

Clients often require vendors, especially SaaS providers, to certify protection and ensure client data privacy. When meeting with existing and potential clients, we are frequently asked about our information security policies and procedures, how we protect and control access to data, and how we track and respond to incidents. While we are confident of our controls, the independent, third-party SOC 2 reports validate our security and provide assurance to our clients.

Over the past few years, particularly in preparation for GDPR, we have matured our information security program with the aim of forming a robust information security and privacy ecosystem. SOC 2 audits have complemented this effort greatly.

Which ABBYY products are SOC2 Type 1, Type 2 certified?

We are proud to share that we have passed our SOC 2 audits and have been awarded SOC 2 reports for the following products.

Product Type
ABBYY Cloud OCR SDK SOC 2 Type 2
ABBYY FlexiCapture Cloud SOC 2 Type 2
ABBYY Timeline SOC 2 Type 2
ABBYY Vantage SOC 2 Type 1

These reports demonstrate ABBYY’s commitment to protecting our client’s data.

The auditors concluded the controls were fully designed to provide absolute assurance that ABBYY’s service commitments and system requirements would be achieved based on the applicable trust services criteria.

SOC 2 reports are available upon request and a signed NDA. To request a SOC 2 report, which includes scope, methodology, and findings, please contact us at

Additionally, all of our on-premises solutions do not share any personal or commercial data that are digitized and analyzed by customers. Customers have complete control of such data while using our on-premises solutions. ABBYY cloud solutions use trusted service providers, strict access control, and strong encryption. Furthermore, ABBYY is compliant with applicable regulations regarding commercial and personal data use, such as GDPR and CCPA.

Our commitment to information security and privacy is part of our overall global initiative to promote the development of trustworthy artificial intelligence (AI) technology. As AI becomes ubiquitous across enterprise high-value and large-scale uses and more open source tools become available for digitizing data, the ethical use of accessing and training data is imperative. ABBYY made public its core guiding principles on developing, maintaining, and promoting trustworthy AI technologies, which can be found at ABBYY’s Approach to Trustworthy AI.

Data Privacy
Paul Nizov ABBYY

Paul Nizov

Chief Information Security Officer

Paul Nizov is an Information and Cyber Security Professional and Business Executive with over 15 years of international technical, legal, and military experience in the United States, Middle East, and Asia. As Chief Information Security Officer (CISO) at ABBYY, Paul advocates the importance and impact of security among the company’s leadership team. Paul manages security risk, overseeing the strategic, operational, and budgetary aspects of secure software development, data privacy, and information protection.

Paul has built and managed information and cybersecurity programs in sectors such as energy, finance, healthcare, and technology. He has extensive expertise in regulatory compliance and security frameworks such as NIST, ISO, SOC, HITRUST, HIPAA, and GDPR. Additionally, Paul has designed and implemented enterprise-wide disaster recovery, business continuity, crisis management, and incident response capabilities.

Paul recently moved from Abu Dhabi, where he spent over four years advising private and public entities in KSA and the UAE. Key initiatives included establishing national information and cybersecurity capabilities to combat regional threats and protect critical infrastructure.

Paul holds a Juris Doctor from SMU Dedman School of Law, as well as a B.S. in Electrical Engineering, and he is a former U.S. Navy nuclear submarine officer.

Subscribe for blog updates

Your subscription was successful! Kindly check your mailbox and confirm your subscription. If you don't see the email within a few minutes, check the spam/junk folder.

I am aware that my consent could be revoked at any time by clicking the unsubscribe link inside any email received from ABBYY or via ABBYY Data Subject Access Rights Form.

By submitting this form, I consent to the use of my personal information for the purposes described in the Privacy Notice.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Your subscription was successful!

Connect with us