Security & Trust Center

SOC 1 

The Service and Organization Controls (SOC) 1 Type II is an independent audit report performed to report on controls at a service organization relevant to user entities’ internal controls over financial reporting. A Type II report includes the auditor’s opinion on the control effectiveness to achieve the related control objectives during the specified monitoring period. For our SOC 1 Type II report, please ask your Databricks account team.

SOC 2 

The SOC 2 Type II is the gold standard for describing the security controls of cloud service providers. It provides a tremendous amount of detail about the security controls in place within an organization. It also includes the checks that an auditor applies to validate those controls have been in place over an audited time period. Databricks is happy to share our annual SOC 2 Type II report.

SOC 3 

Like SOC 2, the SOC 3 report is based on the American Institute of Certified Public Accountants (AICPA) standard, which evaluates the service organization’s controls relevant to the organization’s chosen Trust Services Criteria (TSC). The SOC 3 report is a publicly accessible document that aligns with the same scope as its corresponding SOC 2 report. Customers can download the report via here.

Databricks issues SOC reports three times a year on a continuous rolling basis, with a reporting period of 12 months. The latest SOC reports are refreshed in June, August and December of each year.