Back

dotCMS Maintains Effective Security Controls According to 2022 SOC 2 Report

Oct 05, 2022

dotCMS announced that the company has, again, successfully undergone a System and Organization Controls 2 Type II examination (SOC 2 Type II) resulting in a CPA’s report stating that management of dotCMS maintained effective controls over the security, availability, and confidentiality of its dotCMS Cloud system. This report comes with no exceptions, meaning dotCMS underwent a full year without making a single security error or breaking security policies. The engagement was performed by BARR Advisory, P.A.

A SOC 2 report is an internal control report on the services provided by a service organization to its customers and provides valuable information that existing and potential customers of the service organization need to assess and address the risks associated with the outsourced service. Unlike a SOC 2 Type I report, which only assesses a single point in time, a SOC 2 Type II report is more comprehensive, as it measures how effective security controls are over multiple months of standard operation.

“This report reflects the hard work that our engineering and administrative team have put in each year to maintain the appropriate controls and effectively mitigate risk,” said Will Ezell, Chief Technology Officer of dotCMS. “We are proud to have passed this year’s evaluation with zero exceptions, and we plan to continue this level of success each year.”

The following principles and related criteria have been developed by the American Institute of CPAs (AICPA) for use by practitioners in the performance of trust services engagements:

  • Security: The system is protected against unauthorized access (both physical and logical).
  • Availability: The system is available for operation and use as committed or agreed.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.

Current and prospective customers interested in a copy of our SOC 2 report may contact their sales or customer success representatives for a copy of the report.

About BARR Advisory

BARR Advisory is a cloud-based security and compliance solutions provider, specializing in cybersecurity consulting and compliance for Software as a Service (SaaS) companies. A trusted advisor to some of the fastest growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements in highly regulated industries including technology, financial services, healthcare, and government.

  • BARR Advisory services include:
  • Compliance Program Assistance
  • SOC 1 Examinations
  • SOC 2 and 3 Examinations
  • SOC for Cybersecurity
  • PCI DSS Assessment Services
  • ISO 27001 Assessments
  • FedRAMP Security Assessments
  • HIPAA and HITECH Services
  • Penetration Testing and Vulnerability Assessments
  • Virtual CISO services

About dotCMS

dotCMS is a content management system that helps global enterprises with multiple brands, subsidiaries, and franchises manage, optimize, and scale content across languages and channels.  Brands such as Dairy Queen, Newell, Firstmac, Telus, and Comcast have chosen dotCMS for its unique ability to manage thousands of sites and consolidate multiple CMSs onto a single, unified instance of dotCMS to streamline content management across teams while saving money on platform costs.

dotCMS’ universal approach to content management also means that companies have the choice to deliver content traditionally or headlessly. Headless developers can work within the front-end framework of choice while still providing marketers with visual editing tools so they can go to market with their business-critical content and decrease their dependency on technical teams.

Highly Rated and Recommended

We're rated Excellent 4.2/5 stars on G2 - with 95+ verified reviews