Dropbox for Business ISO 27001 certification


Dropbox for Business compliance milestones: New ISO 27001 certification & updated SOC 1, 2, 3 reports


Published on October 27, 2014

At Dropbox, safeguarding your data is a top priority. Today, as part of that effort, we're happy to announce the addition of ISO 27001 certification to our growing list of compliance milestones for Dropbox for Business. ISO 27001 is recognized as the premier information security standard around the world, and we're among the first in our industry to be certified using the 2013 revision of the standard, which has been updated with cloud computing in mind. We're excited to share this certification with Dropbox for Business teams around the world; current and potential users can view our certificate here.

What does this mean for you?

Achieving ISO 27001 certification signifies that we’ve demonstrated our promise to continually improve the security of your data under the ISO/IEC 27001:2013 standard. You can trust that the information security management program we’ve built is top-notch — it’s designed and tested based on the framework in this standard, which is the most widely accepted of its kind globally. Our ISO 27001 certificate — issued by a leading independent third party in the Netherlands and recognized in all countries with IAF membership — validates that we've built a systematic approach and effective controls to maintain the security, confidentiality, integrity, and availability of your data.

New SOC 1 report available, SOC 2 and SOC 3 updated to provide even more assurance

Dropbox for Business SOC 1, SOC 2, and SOC 3

A few months ago, we let you know that Dropbox for Business provides SOC 2 and SOC 3 assurance reports that cover the Security and Confidentiality Trust Service Principles. Today, along with our ISO 27001 certification, we're excited to announce even further coverage for SOC 1, 2, and 3:

  • Our Service Organization Controls 3 (SOC 3) report has been expanded to cover the Security, Confidentiality, and Processing Integrity Trust Services Principles. The report is publicly available here.
  • Our Service Organization Controls 2 (SOC 2) report has also been expanded to cover the Security, Confidentiality, Processing Integrity, and Availability Trust Services Principles. It's available for potential and current Dropbox for Business customers upon request — just email sales@dropbox.com or contact your account manager.
  • We now offer a Service Organization Controls 1 (SOC 1) report, which is especially important for customers who determine that Dropbox for Business is a key element of their internal controls over financial reporting (ICFR) program. These specific assurances are primarily used for our customers' Sarbanes-Oxley (SOX) compliance. The independent third-party examination for this report is conducted in accordance with SSAE 16 and ISAE 3402, which have replaced the previous SAS 70 standard. Our SOC 1 report is available to potential and current Dropbox for Business customers upon request, also by emailing sales@dropbox.com or contacting your account manager.

To read more about Dropbox for Business, visit the resources section of our website.