Cloud Compliance

We prioritize the security of your data by continuously enhancing our capabilities to keep up with the ever-evolving security landscape.

Deltek’s Cloud solutions are audited annually using industry-leading standards such as System and Organization Controls (SOC) reporting, International Standard on Assurance Engagements (ISAE) 3000 and the National Institute of Standards and Technology Special Publication 800-171. When you choose Deltek Cloud, you receive the validated security and support you need to conduct business.

To ensure your business is always protected, we implement security best practices, including continuous monitoring. Our Security Operations Team of certified experts supports the Deltek Cloud and monitors for any anomalous traffic and activity 24/7/365. The team completes regular product, network and infrastructure vulnerability assessments to ensure your data is protected against potential threats.

Continuous risk assessments and maintenance are conducted by Deltek Global Information Security (GIS), and any threat mitigations are supported by the Security Incident Response Team (SIRT).

System and Organization Controls (SOC) Reporting

SOC reports are designed to provide assurance on internal controls over financial reporting (SOC 1), as well as system security (SOC 2 and SOC 3). These reports are created for Deltek by an independent auditor who evaluates Deltek's internal security controls with the AICPA defined control standards.

SOC 1

The SOC 1 Type II Report provides information on controls at a service organization, like Deltek, that are relevant to user entities' internal control over financial reporting.

Soc 1 reports are prepared in accordance with AT-C section 320 and are specifically intended to meet the needs of entities that use service organizations and the CPAs that audit the user entities’ financial statements.

SOC 2/ISAE 3000

The SOC 2 Type II Report provides information on controls at a service organization which may include one or more of the following trust services criteria: security, availability, processing integrity, confidentiality and/or privacy. Deltek conducts semi-annual SOC 2 reports for products hosted in Deltek’s Cloud.

SOC 3

The SOC 3 Report discusses the evaluation of the same AICPA criteria as a SOC 2 Report but does not include a description of the auditor's tests of controls and results, making this report available for general use.

View the Deltek Cloud solutions with available SOC 1, SOC 2 and SOC 3 Reports

	Ajera
Ajera	ConceptShare
	Costpoint
Costpoint	GovWin
	Maconomy
Maconomy	Project Information Management
	Talent Management
Talent Management	Unionpoint
	Vantagepoint
Vantagepoint	Vision
	WorkBook
WorkBook

Current SaaS customers can request a copy of the latest SOC 1, SOC 2 and SOC 3 Reports from their Customer Care representative.

NIST 800-171

National Institute of Standards and Technology (NIST) Special Publication 800-171 governs the storage, use and control of Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations. These standards define how to safeguard and distribute material designated by the United States Government to be sensitive but not classified.

Under federal regulations, such as DFARS clause 252.204-7012, certain companies and agencies are required to assess and document their compliance against NIST SP 800-171. This requirement includes assessing how networks are configured and how all data is protected.

View the Deltek Cloud solutions with implemented controls aligning with NIST SP 800-171

	Costpoint GCC & GCCM
Costpoint GCC & GCCM	Talent Management

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is designed to enhance the protection of controlled unclassified information (CUI) in the United States Department of Defense supply chain and leverages NIST SP 800-171 controls and requirements.

Deltek is committed to supporting CMMC readiness. Deltek’s Costpoint ERP delivered in GovCon Cloud Moderate (GCCM) has already implemented all the necessary controls to support compliance with FAR, DFARS and CMMC requirements.

FedRAMP Moderate Ready

Costpoint GovCon Cloud Moderate (GCCM) has officially achieved FedRAMP Moderate Ready status by the Federal Risk and Authorization Management Program (FedRAMP®). This major achievement demonstrates Deltek's continued commitment and investment in delivering industry-leading, secure solutions.

Deltek's achievement of FedRAMP Moderate Ready means that a recognized third-party assessment organization (3PAO) has thoroughly evaluated Costpoint GCCM against FedRAMP Moderate controls and has verified that Costpoint GCCM meets this high standard for data security.