Compliance offerings

This site contains information about DoiT’s certifications and compliance standards. Our offerings regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust.

ISO27001

ISO/IEC 27001 outlines and provides the requirements for an information security management system (ISMS), specifies a set of best practices and details the security controls that can help manage information risks.

DoiT International’s infrastructure and Product Portfolio are certified as ISO/IEC 27001 compliant. The 27001 standard does not mandate specific information security controls, but the framework and checklist of controls it lays out allow DoiT to ensure a comprehensive and continually improving model for security management.

Our company’s SOC 2 and ISO 27001 certificates, along with certificates for other compliance frameworks, may be accessed from the DoiT Trust Center.

Services delivered through DoiT’s platform that are in scope for ISO/IEC 27001 include:
  • Flexsave for AWS
  • Flexsave for Google Cloud
  • SpotScaling for AWS
  • Cloud Analytics
  • Google BigQuery Lens
  • Amazon Web Services Lens
  • GKE Analytics
  • Cloud Sandboxes
  • Known Issues
  • Cost Anomalies
  • CIS Benchmark
  • Identity and Access Management

SOC 2 Type II

The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, confidentiality and privacy.
A Type II report details how security controls are implemented over a period of time (unlike a SOC 2 Type I report, which reviews them at a specified point in time).
DoiT International undergoes a regular third-party audit to certify its technology portfolio against these standards.
SOC 2 reports may be requested by current customers via the Compliance Report request at support.doit-intl.com. Potential customers can reach out to Sales for more information.

DoiT International services in scope for SOC 2 include:

  • Flexsave for AWS
  • Flexsave for Google Cloud
  • SpotScaling for AWS
  • Cloud Analytics
  • Google BigQuery Lens
  • Amazon Web Services Lens
  • GKE Analytics
  • Cloud Sandboxes
  • Known Issues
  • Cost Anomalies
  • CIS Benchmark
  • Identity and Access Management

SOC 3

Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability and confidentiality.

DoiT undergoes a regular third-party audit to certify individual products against this standard. Our SOC 3 reports for the DoiT International Product Portfolio can be downloaded on demand.

DoiT International services in scope for SOC 3 include:
  • Flexsave for AWS
  • Flexsave for Google Cloud
  • SpotScaling for AWS
  • Cloud Analytics
  • Google BigQuery Lens
  • Amazon Web Services Lens
  • GKE Analytics
  • Cloud Sandboxes
  • Known Issues
  • Cost Anomalies
  • CIS Benchmark
  • Identity and Access Management

GDPR

The General Data Protection Regulation (GDPR) is a privacy regulation that, on May 25, 2018, replaced Directive 95/46/EC on Data Protection of 24 October 1995. GDPR lays out specific requirements for businesses and organizations that are established in Europe or that serve users in Europe by:
  • Regulating how businesses can collect, use and store personal data,
  • Building upon current documentation and reporting requirements to increase accountability,
  • Authorizing fines on businesses that fail to meet its requirements.
DoiT International prioritizes the security and privacy of customer personal data and wants clients to feel confident using our services in light of GDPR requirements. If you partner with us, we will support your GDPR compliance efforts by:
  • Committing in our contracts to comply with the GDPR in relation to our processing of customer personal data in all our products,
  • Offering additional security features that may help you to better protect the personal data that is most sensitive,
  • Giving you the documentation and resources to assist in your privacy assessment of our services,
  • Continuing to evolve our capabilities as the regulatory landscape changes.

Data Processing Agreement

The data processing agreement (DPA) is a legal document that needs to be signed to ensure the data processor will handle the data provided by the data controller properly, following the guidelines of the GDPR and/or the local data regulations.
Data is one of the most valuable assets for companies today, which is why having a DPA is critical for doing business with them. To prevent a potential data breach and abuse, DoiT International makes sure security measures are in place and that processing activities are compliant with the GDPR and/or the local data regulations.
The DPA is valid both as a written agreement and in electronic form. Its main purpose is to determine the way the data processor will handle the data provided by the data controller, including the scope of the data, its purpose or any other entities that will have access to this data.
Please find a link to our DPA here:
https://doit-intl.com/dpa