Looker remains committed to continually improving its security and compliance practice. In September of 2018, our Service Organization Control 2 Type 2 Report for the Looker Cloud Hosted Data Platform became available for customers and prospects. The SOC 2 Type 2 assessment was conducted by independent auditors, The Cadence Group, who specialize in compliance across multiple industries.
The Type 2 report addresses service organization security controls that relate to operations and compliance, as outlined by the AICPA’s Trust Services criteria. The report includes management’s description of Looker’s trust services and controls, as well as Cadence’s opinion of the suitability of Looker’s system design and the operating effectiveness of the controls, in relation to availability, security, and confidentiality.
While our SOC 2 Type 1 report, released in February of 2018, was a "test of design," showing that specific security controls were in place at a specific date in time, our Type 2 report is a much more rigorous "test of operating effectiveness" of the design, evaluated over a period of six months. A company that has achieved SOC 2 Type 2 certification has proven that its system is designed to keep its clients’ sensitive data secure, and that the design of relied-upon controls is operating effectively.
By implementing the data security controls necessary to achieve SOC 2 Type 2 certification, Looker continues to build on the trust that customers and prospects have in the Looker Data Platform. To provide further reassurance that the Looker platform is secure and highly available and that customer data remains confidential, we will renew our SOC 2 Type 2 certification every six months, beginning in Spring, 2019.
In addition to our ongoing SOC 2 efforts, Looker's compliance team is continually pursuing other opportunities to make the hosted Looker platform secure and trustworthy, including pursuing and achieving ISO 27001 compliance, self-assessing to the Cloud Security Alliance's cloud security assurance program, demonstrating that Looker handles customer data in accordance with the HIPAA data security standards and the PCI -DSS (Payment Card Industry) standard, and ensuring that the Looker platform is aligned with GDPR data privacy obligations.