Security & Trust

Overview

---

Shared Responsibility

Our SaaS platform called Duck Creek OnDemand provides a shared model for how our services are provided. Together with Microsoft and their Azure cloud services, we partner with customers to create a secure, flexible architecture supporting security and regulatory requirements in the cloud.

---

Physical Security

Microsoft’s Azure Cloud services are trusted by over 95% of Fortune 500 businesses and support over 90 compliance offerings in 140+ countries, providing levels of physical security that most companies struggle to achieve. For more information about Azure Compliance, please visit the Microsoft Trust Center at https://www.microsoft.com/en-us/trust-center.

---

Security Operations

Duck Creek has a dedicated staff covering security operations, security architecture and our governance, risk, and compliance initiatives. This team is lead by the Duck Creek Chief Information Security Officer operating out of our Rosemont, IL office where our Security Operations Center is located. The security operations staff monitors activity 24×7, protecting against malicious activity and is ready to respond to any incident.

---

Architecture

Our OnDemand services are architected to provide numerous layers of protection, including web application firewalls and secure gateways at the edge, network isolation, multi-factor privileged access management, host-based firewalls, content filtering and advanced threat prevention to name a few. For more details on how OnDemand is built with security by design, please review our OnDemand Security White Paper.

---

Compliance

Regulatory requirements continue to evolve with constant pressure on businesses to meet a multitude of controls related to privacy and data integrity. These requirements can be complex and can be difficult to keep up with. Duck Creek, as a service provider, keeps track of these changes so that we can ensure our offerings can achieve your compliance requirements. We have created white papers related to GDPR and the CCPA which help our customers understand how we help them maintain compliance with these regulations.

In addition to helping customers with their compliance needs, Duck Creek also works hard to provide assurance that our operations meet and exceed the requirements we have as a service provider. Our OnDemand offerings are ISO 27001 certified and we conduct annual SOC 1 Type II and SOC 2 Type II audits. Additionally, we perform annual risk assessments, internal audits and PCI-DSS assessments. We understand the importance of providing our customers with the assurance they need from their significant third-party providers.

---

Resources

If you are an existing Duck Creek customer or partner, please visit the Solution Center to download these documents. Otherwise, please contact information.security@duckcreek.com to request a copy.