Monte Carlo is SOC 2 Type II Certified

For Monte Carlo, security is in our DNA. That’s why achieving the utmost security and privacy for our end-to-end data observability platform has been a top priority since Day 1. 

Today, I’m thrilled to announce that Monte Carlo has achieved SOC 2 Type II certification, just a few months after achieving our SOC 2 Type I certification. SOC 2 Type II compliance is an industry-leading standard for the security, availability, and confidentiality that our organization adopted. A company that reaches this status has shown that its system is designed to keep its customers’ data secure.

What is SOC 2 Type II?

Compared to a Soc 2 Type I report that outlines an organization’s controls for a specific date, a Type II report reviews an organization’s control over a longer period of time. Ultimately, it is proof that an organization’s set of internal controls, systems, and policies were implemented properly over several months — ultimately, that our actions speak louder than words. 

Additionally, a SOC 2 Type II report contains any incidents and significant changes, which gives customers an overview of how an organization deals with security over time. 

What does this mean for our customers?

Many of our customers have adopted SOC 2 as a standard for their own security and compliance, and many of the best security teams consider SOC 2 to be a preferred or often required certification for software vendors. As part of our mission to help as many data teams as possible avoid data downtime, it was obvious to us that we needed to match or exceed our customers’ security posture. 

We are proud to be the first end-to-end data observability platform to reach this milestone and increase confidence in our security as we help make data more trustworthy and reliable.

Monte Carlo’s commitment to your data’s security and privacy 

Before we even founded Monte Carlo, we knew that security and compliance would be front and center when it came to building our data observability platform architecture. In fact, security runs in our DNA, with several of us Monte Carloians hailing from cybersecurity providers like Barracuda and a few of us having patented machine learning systems to prevent email phishing attacks. 

Specifically, with Monte Carlo, data never leaves your environment — full stop. We designed our product without having to store or access individual records, PII, or any other sensitive information. Instead, we only extract query logs, metadata, and aggregated statistics about data usage to ensure that your most critical data assets are as trustworthy and reliable as possible. 

Under the hood, we use read-only access via APIs and/or dedicated service accounts to access this metadata, enabling granular permissions to datasets of your choice. Our hybrid architecture allows you to run our collectors on your own cloud infrastructure so you never have to expose any of your data warehouses, data lakes, and business intelligence tools to our cloud. And this only scratches the surface of our commitment to our customers’ security and privacy.

Moving forward

If interested, please reach out to us for a copy of our SOC 2 Type II report. And, if you are interested in learning more about Monte Carlo’s approach to data security and privacy, we’re always happy to chat!

Curious about how to achieve secure, private, and end-to-end data observability for your pipelines? Reach out to Itay and the rest of the Monte Carlo team!