dbt Labs achieves ISO 27001:2013 and ISO 27701:2019 certifications

It was an exciting 2021 for dbt Labs. We announced a new name, new funding, and new features. But, I think there's still time to sneak in one more celebration before year end:

I am thrilled to share that dbt Labs has been awarded its ISO 27001:2013 and ISO 27701:2019 certifications!

Issued by the independent auditing firm, The Cadence Group, and covering both dbt Labs and its product, dbt Cloud, these certificates represent two of the most rigorous international standards for security, privacy, and trust. Together, they validate that we have established and committed to policies and processes related to information security, privacy, access control, incident response, vulnerability management, compliance, vendor management, and more. In order to achieve these certifications, dbt Labs had to demonstrate an ongoing and methodical approach to managing and protecting company and customer data.

ISO 27001:2013 - view this certificate

This standard is one of the most widely recognized and internationally accepted information security standards, and one of the few that requires a top-down, risk-based approach to evaluation. It details requirements for a comprehensive Information Security Management System (ISMS), and defines how organizations should manage and handle information in a secure manner, including appropriate security controls.

ISO 27701:2019 - view this certificate

This standard specifies requirements and guidelines to establish and continuously improve a Privacy Information Management System (PIMS), including processing of Personally Identifiable Information (PII), and is an extension of the ISO/IEC 27001 and ISO/IEC 27002 standards for information security management. It includes a set of additional controls and associated guidance that is intended to address public cloud PIMS and PII management requirements that aren't addressed by the existing ISO/IEC 27002 control set, for both processors and controllers.

dbt Labs is noted as a processor for ISO 27701:2019. The certification demonstrates that we have an effective PIMS in place to support customers, who may be working towards compliance with the European General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other data privacy regulations.

What does this mean for you?

In short, keep doing what you're doing with the confidence that you are protected. These certifications represent an on-going commitment to safeguarding data, and in addition to our other security practices, are proof that we've made information security and privacy a top priority.

Other security measures we have enacted can be found on our security page and include:

• Completion of our SOC2 Type II examination
• Regular penetration testing
• A closely monitored vulnerability disclosure program

It should be noted that achieving these certifications is just one node in our on-going security journey. dbt Labs will continue to improve its security processes, policies, and technologies to enable you to focus on your business opportunities.