Compliance
Deltek aligns with several compliance standards for the Deltek Cloud, including System and Organization Controls (SOC) reports, the ISAE 3000 international assurance standard and the National Institute of Standards and Technology Special Publication 800-171.
System and Organization Controls
SOC reports are designed to give Deltek customers and their auditors assurance on internal controls over financial reporting, system security and availability for the services provided. These reports are created for Deltek by an independent auditor who evaluates Deltek's internal security controls against the AICPA-defined control standards.
SOC 1
The SOC 1 Report provides information on controls at a service organization, like Deltek, that are relevant to user entities' internal control over financial reporting using the Statement on Standards for Attestation Engagements (SSAE) 18 Audit Standard. This standard includes requirements for companies around the identification and classification of risk and appropriate management of third-party vendor relationships.
- Ajera
- Kona / Collaboration
- ConceptShare
- Maconomy
- Costpoint
- Project Information Management
- Vantagepoint
- TrafficLIVE
- Talent Management
- Vision
- GovWin
- WorkBook
Current SaaS customers can request a copy of the latest SOC 1 Report from their Customer Care representative.
SOC 2
The SOC 2 Report provides information on controls at a service organization, like Deltek, relevant to security, availability, processing integrity, confidentiality and privacy. The SOC 2 Report covers the AICPA trust services criteria as common controls for measuring compliance and includes a description of the independent auditor's tests of controls and results.
- Ajera
- Kona / Collaboration
- ConceptShare
- Maconomy
- Costpoint
- Project Information Management
- Vantagepoint
- TrafficLIVE
- Talent Management
- Vision
- GovWin
- WorkBook
Current SaaS customers can request a copy of the latest SOC 2 Report from their Customer Care representative.
SOC 3
The SOC 3 Report discusses the evaluation of the same AICPA criteria as a SOC 2 Report, but does not include a description of the auditor's tests of controls and results.
- Ajera
- Kona / Collaboration
- ConceptShare
- Maconomy
- Costpoint
- Project Information Management
- Vantagepoint
- TrafficLIVE
- Talent Management
- Vision
- GovWin
- WorkBook
A copy of Deltek's latest SOC 3 Report is available here.
ISAE 3000
ISAE 3000 is an international assurance standard for sustainability that gives customers and their auditors independent assurance on processes and controls.
- Ajera
- Kona / Collaboration
- ConceptShare
- Maconomy
- Costpoint
- Project Information Management
- Vantagepoint
- TrafficLIVE
- Talent Management
- Vision
- GovWin
- WorkBook
Current SaaS customers can request a copy of the latest ISAE 3000 Report from their Customer Care representative.
NIST 800-171
National Institute of Standards and Technology Special Publication 800-171 governs the storage, use and control of Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations. These standards define how to safeguard and distribute material considered by the United States Government to be sensitive but not classified.
Under federal regulations, such as DFARS clause 252.204-7012, certain companies and agencies are now required to assess and document their compliance against NIST SP 800-171. This requirement includes assessing the way networks are configured and how all media is protected.
- Costpoint
- Talent Management
CMMC
The Cybersecurity Maturity Model Certification (CMMC) is designed to enhance the protection of controlled unclassified information (CUI) in the United States Department of Defense supply chain and builds on the DFARS 252.204-7012 and NIST SP 800-171 requirements.
Deltek intends to incorporate the CMMC framework in our compliance and security posture for the following offerings:
- Costpoint Cloud – Planned support for CMMC Level 3
- Costpoint ITAR Cloud – Planned support for CMMC Level 4