Compliance | Security and Trust

Keeping your data secure is our top priority. To ensure we’re staying up-to-date on best practices and compliance requirements, our Cloud solutions align with industry-leading standards, including System and Organisation Controls (SOC) reporting, International Standard on Assurance Engagements (ISAE) 3000, NIST Special Publication 800-171 and CMMC 2.0. This means that when you choose our Deltek Cloud solutions, you get the security and support you deserve.

System and Organisation Controls (SOC) REPORTING

SOC reports are designed to provide assurance on internal controls over financial reporting (SOC 1), as well as system security and availability (SOC 2 and SOC 3). These reports are created for Deltek by an independent auditor who evaluates Deltek's internal security controls with the AICPA defined control standards.

SOC 1

The SOC 1 Type II Report provides information on controls at a service organisation, like Deltek, that are relevant to user entities' internal control over financial reporting.

Soc 1 reports are prepared in accordance with AT-C section 320 and are specifically intended to meet the needs of entities that use service organisations and the CPAs that audit the user entities’ financial statements.

SOC 2/ISAE 3000

The SOC 2 Type II Report provides information on controls at a service organisation, like Deltek, relevant to security, availability, processing integrity, confidentiality or privacy.

SOC 3

The SOC 3 Report discusses the evaluation of the same AICPA criteria as a SOC 2 Report but does not include a description of the auditor's tests of controls and results, making this report available for general use.

View the Deltek Cloud Solutions with Available SOC 1, SOC 2 and SOC 3 Reports

	Ajera
Ajera	Kona / Collaboration
	ConceptShare
ConceptShare	Maconomy
	Costpoint
Costpoint	Project Information Management
	Vantagepoint
Vantagepoint	TrafficLIVE
	Talent Management
Talent Management	Vision
	GovWin
GovWin	WorkBook

Current SaaS customers can request a copy of the latest SOC 1 and SOC 2 Reports from their Customer Care representative. A copy of Deltek's latest SOC 3 Report on Service Provider Systems (DSPS) is available here and the latest SOC 3 Report on GovCon Systems (DGCS) is available here.

NIST 800-171

National Institute of Standards and Technology (NIST) Special Publication 800-171 governs the storage, use and control of Controlled Unclassified Information (CUI) in Non-Federal Information Systems and organisations. These standards define how to safeguard and distribute material considered by the United States Government to be sensitive but not classified.

Under federal regulations, such as DFARS clause 252.204-7012, certain companies and agencies are now required to assess and document their compliance against NIST SP 800-171. This requirement includes assessing the way networks are configured and how all media is protected.

View the Deltek Cloud Solutions Products with Implemented Controls Aligning with NIST SP 800-171

	Costpoint
Costpoint GCCS	Talent Management

CMMC 2.0

The Cybersecurity Maturity Model Certification (CMMC) is designed to enhance the protection of controlled unclassified information (CUI) in the United States Department of Defense supply chain and mirrors NIST SP 800-171 and NIST SP 800-172 requirements.

Deltek is committed to maintaining CMMC readiness. Deltek’s Costpoint ERP delivered in GovCon Cloud Moderate (GCCM) has already implemented all the necessary controls to comply with DFARS 252.204-7012 contract requirements and is also contracted with a Certified Third-Party Organization (C3PAO) for CMMC 2.0 Maturity Level 2 assessment under the Joint Surveillance Program.