dbt

Ship securely without compromise

Your data security matters, which is why we’ve designed our systems, applications, and processes to safeguard your data as if it were our own. dbt Cloud has been engineered at every level to handle your most sensitive data.

Deliver data quality with high security

Maintain your data security posture with the strongest encryption standards. dbt Cloud maintains an A+ rating from Qualys/SSL and requires communications to use the strongest encryption protocols so you can ship high-quality data with low risk. We have continuous monitoring and development to identify possible issues and keep our systems up to date.

Run your code fast on our secure infrastructure

Keep your data protected on a platform that’s proven safe and secure. Our processes are continually tested and maintained to the highest standards, and we partner with top experts to stay up to date with the latest security techniques. This includes third party providers that continuously challenge our systems with rigorous penetration testing to find weak points before they can be exploited.

Compliance

ISO 27001:2022

ISO 27001:2022 is a globally recognized standard for the establishment and certification of an information security management system (ISMS). The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall business risks. It sets forth a risk-based approach that focuses on adequate and proportionate security controls that protect information assets and give confidence to interested parties. dbt Labs received its initial ISO27001:2013 certification on December 9, 2021. dbt Labs completed its most recent surveillance audit on November 24, 2024. The certificate is available for viewing here.

ISO 27701:2019

ISO 27701:2019 specifies requirements and guidelines to establish and continuously improve a Privacy Information Management System (PIMS), including processing of Personally Identifiable Information (PII), and is an extension of the ISO/IEC 27001 and ISO/IEC 27002 standards for information security management. It provides a set of additional controls and associated guidance that is intended to address public cloud PIMS and PII management requirements that aren’t addressed by the existing ISO/IEC 27002 control set, for both processors and controllers. dbt Labs is noted as a Processor. We have been assessed our conformity with the ISO/IEC 27701:2019 standard over our privacy information system and is combined with our ISO27001 certificate here.

SOC2 Type II

A SOC 2 examination, performed by an independent, certified public accounting (CPA) firm, is an assessment of a service provider’s security control environment against the trust services principles and criteria set forth by the American Institute of Certified Public Accountants (AICPA). The result of the examination is a report which contains the service auditor’s opinion, a description of the system that was examined, management’s assertion regarding the description, and the testing procedures performed by the auditor. dbt Cloud completed a SOC 2 Type II examination, which means its controls were assessed based on their operating effectiveness over the reporting period of October 1, 2023 to September 30, 2024. Our SOC2 Type II is available for review under MNDA upon request.

GDPR

dbt Cloud is fully GDPR compliant. dbt Cloud’s Terms of Service includes a Data Processing Addendum that enacts standard contractual clauses set forth by the European Commission to establish a legal basis for cross-border data transfers from the EU.

PCI

Before granting dbt Cloud access to data subject to PCI requirements, please contact support at [email protected].

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. dbt Cloud has been assessed against relevant HIPAA Security criteria as part of our SOC2 Type II Report over the reporting period of October 1, 2023 to September 30, 2024. Our SOC2 Type II is available for review under MNDA upon request.

Security Highlights

The entire dbt Cloud team is focused on keeping you and your data safe. We use industry standards including OWASP, NIST, ISO 27001, and ISO 27701 to guide our security program and engineering practices.