Announcing CSA STAR, ISO 27017, and ISO 22301 certifications


Published on November 30, 2016

We’re dedicated to building trust with our customers across the globe, and helping them fit Dropbox into their compliance strategies. And with the compliance landscape regularly shifting, we strive to stay ahead of the curve as new standards and certifications are introduced. So today, we’re excited to announce three new certifications—CSA STAR Level 2, ISO 27017, and ISO 22301—and updates to our existing compliance measures.

Standardizing cloud security with CSA STAR certification

Building on our Level 1 Self-Assessment, our CSA STAR Level 2 Certification attests to our security controls and processes. “Dropbox continuously proves to be at the forefront of compliance standards,” said Jim Reavis, co-founder and CEO of the Cloud Security Alliance (CSA). “With rigorous independent auditing and certification for both well-accepted and up-and-coming standards, they’re demonstrating an impressive dedication to their customers’ security. We’re excited to have Dropbox on the short list of companies that have achieved our Security, Trust & Assurance Registry (STAR) Level 2 Certification.” View our CSA STAR Level 2 certificate here.

Improving shared security responsibility and transparency with ISO 27017

As companies move data off their physical infrastructure, defining roles in its protection becomes increasingly important. ISO 27017, a new international standard for cloud security, focuses on making transparent the responsibility that providers and customers share in protecting data. Like our ISO 27018 certification for cloud privacy and data protection, our ISO 27017 certification has been issued by EY CertifyPoint (Netherlands). View our ISO 27017 certificate here.

Making business continuity a priority with ISO 22301

Trust is more than just security. Services like ours play a big role in customers’ daily operations, so availability is critical. Our new ISO 22301 certificate, also issued by EY CertifyPoint (Netherlands), is a testament to our dedication to availability and business continuity. ISO 22301 certifies that we have a business continuity management system (BCMS), ensuring we have the processes needed to operate in the event of a disaster. View our ISO 22301 certificate here.

Expanding existing compliance

Our Service Organization Controls 2 and 3 (SOC 2 and SOC 3) reports, issued by independent auditors EY LLP (US), have been expanded to cover the Privacy Trust Services Principle and Criteria. We’re also excited to announce that our existing compliance certifications and reports now cover Dropbox Enterprise and Education deployments. This includes our ISO 27001, 27017, 27018, and 22301 certifications; SOC 1, 2, and 3 audits; CSA STAR Level 2 Certification; and support for HIPAA/HITECH. View our SOC 3 report here, and request our SOC 2 by contacting our sales team.

These standards underscore our commitment to keeping customer data safe, operating at the highest levels of availability, and maintaining transparency in data storage and processing. And they demonstrate our leadership in the SaaS industry, as we’re one of the first major providers to achieve CSA STAR and ISO 22301 certifications. We’re excited to make continued strides with these compliance milestones. For more information on how Dropbox can be used as part of your company’s compliance strategies, visit our standards and regulations page, or contact sales@dropbox.com.