Duck Creek Security Policies & Practices
Duck Creek Technologies takes great pride in maintaining a strong Security and Compliance Program that is tested by accredited third parties on an annual basis. This page contains supporting documentation that highlights the effectiveness of our program and provides additional information about how being a Duck Creek OnDemand customer can help customers achieve their own compliance requirements. As part of that program, notifying customers about security vulnerabilities that may come up is of especially high importance to us. For information about identified security vulnerabilities, see Duck Creek Security Alerts.
This page contains SOC Reports, Guide to the CCPA, Guide to the GDPR, ISO 27001 Certification, Security White Paper, and PCI DSS Validation document.
 | The documents listed on this page are intended for use by Duck Creek customers, partners, employees, and are not to be shared or otherwise distributed. For related questions, please contact us at information.security@duckcreek.com. |
| TITLE | DESCRIPTION |
|---|---|
| Duck Creek OnDemand – 2022 Type 2 SOC 1 Report | OnDemand Software-as-a-Service – A Type 2 independent service auditor’s report on a description of a service organization’s system and the suitability of the design and operating effectiveness of controls. January 1, 2022 to December 31, 2022 |
| Duck Creek OnDemand – 2022 Type 2 SOC 2 Report | OnDemand Software-as-a-Service – A Type 2 independent service auditor’s report on controls relevant to security, availability, and processing integrity. January 1, 2022 to December 31, 2022 |
| Duck Creek ISO 27001 Certification | Includes the Duck Creek certification of registration for information security management. |