dbt Labs achieves ISO 27001:2013 and ISO 27701:2019 certifications

Randy Hanooman

on Dec 16, 2021

It was an exciting 2021 for dbt Labs. We announced a new name, new funding, and new features. But I think there's still time to sneak in one more celebration before year end:

I am thrilled to share that dbt Labs has been awarded its ISO 27001:2013 and ISO 27701:2019 certifications!

Issued by the independent auditing firm, The Cadence Group, and covering both dbt Labs and its product, dbt Cloud, these certificates represent two of the most rigorous international standards for security, privacy, and trust. Together, they validate that we have established and committed to policies and processes related to information security, privacy, access control, incident response, vulnerability management, compliance, vendor management, and more. In order to achieve these certifications, dbt Labs had to demonstrate an ongoing and methodical approach to managing and protecting company and customer data.

ISO 27001:2013 - view this certificate

This standard is one of the most widely recognized and internationally accepted information security standards, and one of the few that requires a top-down, risk-based approach to evaluation. It details requirements for a comprehensive Information Security Management System (ISMS), and defines how organizations should manage and handle information in a secure manner, including appropriate security controls.

ISO 27701:2019 - view this certificate

This standard specifies requirements and guidelines to establish and continuously improve a Privacy Information Management System (PIMS), including processing of Personally Identifiable Information (PII), and is an extension of the ISO/IEC 27001 and ISO/IEC 27002 standards for information security management. It includes a set of additional controls and associated guidance that is intended to address public cloud PIMS and PII management requirements that aren't addressed by the existing ISO/IEC 27002 control set, for both processors and controllers.

dbt Labs is noted as a processor for ISO 27701:2019. The certification demonstrates that we have an effective PIMS in place to support customers who may be working towards compliance with the European General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other data privacy regulations.

What does this mean for you?

In short, keep doing what you're doing with the confidence that you are protected. These certifications represent an ongoing commitment to safeguarding data and, in addition to our other security practices, are proof that we've made information security and privacy a top priority.

Other security measures we have enacted can be found on our security page and include:

  • Completion of our SOC2 Type II examination
  • Regular penetration testing
  • A closely monitored vulnerability disclosure program

It should be noted that achieving these certifications is just one node in our ongoing security journey. dbt Labs will continue to improve its security processes, policies, and technologies to enable you to focus on your business opportunities.

Last modified on: Jun 03, 2024
