New SOC 1 report available, SOC 2 and SOC 3 updated to provide even more assurance
A few months ago, we let you know that Dropbox for Business provides SOC 2 and SOC 3 assurance reports that cover the Security and Confidentiality Trust Service Principles. Today, along with our ISO 27001 certification, we're excited to announce even further coverage for SOC 1, 2, and 3:
- Our Service Organization Controls 3 (SOC 3) report has been expanded to cover the Security, Confidentiality, and Processing Integrity Trust Services Principles. The report is publicly available here.
- Our Service Organization Controls 2 (SOC 2) report has also been expanded to cover the Security, Confidentiality, Processing Integrity, and Availability Trust Services Principles. It's available for potential and current Dropbox for Business customers upon request — just email email@example.com or contact your account manager.
- We now offer a Service Organizational Controls 1 (SOC 1) report, which is especially important for customers who determine that Dropbox for Business is a key element of their internal controls over financial reporting (ICFR) program. These specific assurances are primarily used for our customers' Sarbanes-Oxley (SOX) compliance. The independent third-party examination for this report is conducted in accordance with SSAE 16 and ISAE 3402, which have replaced the previous SAS 70 standard. Our SOC 1 report is available to potential and current Dropbox for Business customers upon request, also by emailing firstname.lastname@example.org or contacting your account manager.