Compliance


Deltek aligns with several compliance standards for the Deltek Cloud, including System and Organization Controls (SOC) reports, the ISAE 3000 international assurance standard and the National Institute of Standards and Technology Special Publication 800-171.

System and Organization Controls

SOC reports are designed to provide Deltek customers and their auditors assurance on internal controls over financial reporting, system security and availability over the services that are provided. These reports are created for Deltek by an independent auditor who evaluates Deltek's internal security controls with the AICPA defined control standards.

SOC 1

The SOC 1 Report provides information on controls at a service organization, like Deltek, that are relevant to user entities' internal control over financial reporting using the Statement on Standards for Attestation Engagements (SSAE) 18 Audit Standard. This standard includes requirements for companies around the identification and classification of risk and appropriate management of third-party vendor relationships.

Ajera

Ajera

Kona / Collaboration

ConceptShare

ConceptShare

Maconomy

Costpoint

Costpoint

Project Information Management

Vantagepoint

Vantagepoint

TrafficLIVE

Talent Management

Talent Management

Vision

GovWin

GovWin

WorkBook

Current SaaS customers can request a copy of the latest SOC 1 Report from their Customer Care representative.

SOC 2

The SOC 2 Report provides information on controls at a service organization, like Deltek, relevant to security, availability, processing integrity, confidentiality and privacy. The SOC 2 Report covers the AICPA trust services criteria as common controls for measuring compliance and includes a description of the independent auditor's tests of controls and results.

SOC 3

The SOC 3 Report discusses the evaluation of the same AICPA criteria as a SOC 2 Report, but does not include a description of the auditor's tests of controls and results.

 

ISAE 3000

The ISAE 3000 is an international assurance standard for sustainability, to give independent assurance on processes and controls to customers and their auditors.

Ajera

Ajera

Kona / Collaboration

ConceptShare

ConceptShare

Maconomy

Costpoint

Costpoint

Project Information Management

Vantagepoint

Vantagepoint

TrafficLIVE

Talent Management

Talent Management

Vision

GovWin

GovWin

WorkBook

Current SaaS customers can request a copy of the latest ISAE 3000 Report from their Customer Care representative.

 

NIST 800-171

National Institute of Standards and Technology Special Publication 800-171 governs the storage, use and control of Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations. These standards define how to safeguard and distribute material considered by the United States Government to be sensitive but not classified.

Under federal regulations, such as DFARS clause 252.204-7012, certain companies and agencies are now required to assess and document their compliance against NIST SP 800-171. This requirement includes assessing the way networks are configured and how all media is protected.

 

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is designed to enhance the protection of controlled unclassified information (CUI) in the Department of Defense supply chain and builds on the DFARS 252.204-7012 and NIST SP 800-17 requirements.

Deltek intends to incorporate the CMMC framework in our compliance and security posture for the following offerings:

  • Costpoint Cloud – Planned support for CMMC Level 3
  • Costpoint ITAR Cloud – Planned support for CMMC Level 4 (coming late 2020)