Back to Trust Center

SOC 2

MongoDB System and Organization Controls (SOC) Reports are the result of independent third-party audits that examine how MongoDB achieves key compliance controls and objectives. The MongoDB SOC 2 Security Type II report will help you and your auditors understand the MongoDB controls established to support data security, availability, confidentiality, privacy, and more.

FAQ

What is SOC 2?

SOC 2 is an auditing procedure designed to ensure that service providers securely manage data to protect the interests of your organization and the privacy of its clients. Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “Trust Service Principles” —

  1. Security: the system is protected against unauthorized access, both physical and logical
  2. Availability: the system is available for operation and use as committed or agreed
  3. Processing integrity: system processing is complete, accurate, timely, and authorized
  4. Confidentiality: information designated as confidential is protected as committed or agreed
  5. Privacy: personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with the criteria set forth in Generally Accepted Privacy Principles

A SOC 2 report comes in two formats:

  • Type I: measures policies and procedures that are in place at a specific moment in time
  • Type II: measures the effectiveness of policies and procedures as operated over a specified time period, with a minimum of six months

What is the MongoDB SOC 2 report?

MongoDB has a SOC 2 Type II report for MongoDB Atlas. The report describes MongoDB’s security controls for Atlas, and examines the suitability and effectiveness of those controls to meet the AICPA Trust Service Principles. It provides an independent assessment of how well MongoDB Atlas manages data with respect to security, availability, processing integrity, confidentiality and privacy.

Which MongoDB services are in the scope for the SOC 2 Type II report?

MongoDB Atlas is in the scope of the SOC 2 Type II report.

What regions are covered by the MongoDB SOC 2 Type II report?

The report covers all regions available with MongoDB Atlas.

Who performs the independent 3rd-party audit of MongoDB for SOC reports?

Schellman and Company, LLC performs the MongoDB SOC 2 audits.

What was the testing period for the most recent report and how often are MongoDB SOC 2 audits performed?

The MongoDB SOC 2 Type II report covers the period from September 1, 2018 to August 31, 2019. New reports are released annually.

Is an NDA required to receive MongoDB SOC reports?

An NDA is required to review the MongoDB SOC 2 Type II report. Please contact us to begin the process.

View our other compliance offerings

GDPR →
EU-US Privacy Shield →
HIPAA →

Ready to get started?

Launch a new app or migrate to MongoDB Atlas with zero downtime

Start with 512MB FreeContact