MarkLogic Achieves SOC 2 Type II Security Certification

We are proud to announce the successful completion of a SOC 2 Type II audit for our cloud service. An independent third party has issued an attestation report for MarkLogic® Data Hub Service on all five SOC 2 Type II principles: Security, Availability, Processing Integrity, Confidentiality and Privacy.

Providing a safe and secure platform to manage enterprise data is paramount to our vision of simplifying complex data integration. MarkLogic was already the most secure modern database with the most granular security, most advanced encryption capabilities and the only modern database to carry a Common Criteria security certification. The SOC 2 Type II report speaks to MarkLogic’s continued “security-first” mentality as it applies to cloud services and financial services use cases in particular.

Overview of SOC 2 Type II

SOC stands for “Service Organization Controls,” and SOC 2 focuses on an organization’s internal controls that are related to compliance and operations, wrapped around five trust principles:

  • Security – The system is protected against unauthorized access, both physical and logical.
  • Availability – The system is available for operation and use as committed or agreed.
  • Processing integrity – System processing is complete, accurate, timely and authorized.
  • Confidentiality – Information designated as confidential is protected as committed or agreed.
  • Privacy – Personal information is collected, used, retained, disclosed and disposed of according to set guidelines.

The end result is a report that helps organizations evaluate the security of service providers (which includes almost all cloud technology vendors). The audit reporting requirements are governed by the American Institute of CPAs (AICPA).

Example of Security Control

In cybersecurity, a “security control” has a relatively broad definition and refers to the safeguards or countermeasures used to avoid, detect, counteract or minimize security risks to both information and actual physical hardware.

In the context of SOC 2 and what an auditor looks at, a common example is ensuring that information assets (i.e., data and code) can only be accessed by the right people (i.e., authorization and authentication). This means not only designing the systems to be secure, but also ensuring that the right policies and procedures are in place and that they are followed.

How SOC 2 Type I and Type II Differ

There are two types of SOC 2 reports: Type I and Type II. Both are completed by an independent third party and cover similar areas of security, but the Type II report is newer and has more stringent requirements. The main difference is that Type I looks at security controls at a specific point in time and Type II evaluates the operational effectiveness of controls over a period of time—the minimum of which is six months—to determine if the controls are operating as described.

Why SOC 2 Type II Matters

At a broad level, security is becoming more and more important as breaches grow in number and severity and the cost of a breach increases. At the same time, organizations are moving faster than ever to deploy and maintain new IT systems, particularly in the cloud. And yet, according to an article from consulting firm McKinsey, “despite the benefits of public-cloud platforms, persistent concerns about cybersecurity for the public cloud have deterred companies from accelerating the migration of their workloads to the cloud.”

With SOC 2 Type II, MarkLogic’s cloud service has independent third-party validation that MarkLogic is a trusted cloud provider for handling mission-critical data. This helps alleviate concerns about cybersecurity so that organizations can accelerate cloud adoption with MarkLogic.

Availability of the Report

The SOC 2 Type II report is not public, but we are able to share it under a non-disclosure agreement. If you would like a copy of the report, please contact us and one of our security experts will get in touch.
