Everything you should know about our SOC 2 compliance

SOC 2 compliance is a global standard in information security, and we're here to tell you why it's important

Written by Deel Team
December 21, 2021

What is SOC 2 compliance?

SOC 2 is a voluntary compliance standard for tech companies with cloud-based products that specifies how an organization should manage customer data. The compliance guidelines set by the AICPA (American Institute of Certified Public Accountants) ensure services are secure, available, and confidential and that InfoSec best practices are in place.

What SOC 2 means to us

As the market leader with 6,000+ customers in 150+ countries using our product, security and compliance have always been the highest priority. 

At Deel, being SOC 2 compliant isn't about just checking a box. It means we can provide a report as official proof that we comply with the globally-recognized information security standard. 

For us, it's about excelling in each area of business, in this case our InfoSec compliance. We've done this by showing we protect customer data using the best methods across business operations, policies, and procedures.

So what exactly was audited?

You may be wondering what exactly gets evaluated to become SOC 2 compliant. Our audit covered the three key Trust Services Criteria relevant to Deel: Security, Availability, and Confidentiality. There were multiple internal checks to ensure everything was operating adequately and effectively.

Scytale AI helped tailor management-designed controls to Deel's infrastructure, software, process, people, and data, implementing controls around:

  • Remote onboarding of employees
  • Cloud infrastructure security
  • Risk management
  • Access control restrictions, including strict password enforcement
  • Multi-factor authentication
  • User access review
  • Threat detection
  • Change management procedures
  • Asset management
  • Data encryption
  • Secure development and more

We've built our infrastructure and technology around being SOC 2 compliant, but now we're proud to have the "official" stamp that recognizes our secure data protection practices.

A powerful partnership

With our report, not only do we meet the SOC 2 standards, but we've also improved our overall security, ensuring we have first-class safeguards and procedures to maintain this norm consistently. Scytale AI's professional SOC 2 advice and technology helped take our compliance to the next level, with proof of an official audit performed by KPMG.

Our customers are in safe hands

Thousands of customers trust Deel to create contracts globally and pay employees and contractors in the preferred currency compliantly. They trust us with their sensitive data. SOC 2 is the best way to assure our security and provide customers with confidence when it comes to global HR workflows.

Customers remain at the forefront of every decision we make. Delivering a SOC 2 report to customers and prospects demonstrates our commitment to sound security standards. With our SOC 2 compliance, we can proudly show they're partnering with a company that cares about their data.

What comes next?

SOC 2 compliance is not a one-off act, and we get that. When it comes to SOC 2, maintaining compliance is critical and indicates genuine commitment. We'll renew our SOC 2 report annually for an audit period of 12 months. We will continuously monitor our compliance effectiveness for oversight across our company and update all necessary policies and procedures in the interim.

Deel's dedication to the continuous review of information security means making ongoing improvements and updates to maximize our protection of customers—keeping a great, more secure Deel for everyone involved.
