Security & Trust

Our SaaS platform called Duck Creek OnDemand provides a shared model for how our services are provided. Together with Microsoft and their Azure cloud services, we partner with customers to create a secure, flexible architecture supporting security and regulatory requirements in the cloud.

Microsoft’s Azure Cloud services are trusted by over 95% of Fortune 500 businesses and support over 90 compliance offerings in 140+ countries, providing levels of physical security that most companies struggle to achieve. For more information about Azure Compliance, please visit the Microsoft Trust Center at https://www.microsoft.com/en-us/trust-center.

Duck Creek has a dedicated staff covering security operations, security architecture and our governance, risk, and compliance initiatives. This team is lead by the Duck Creek Chief Information Security Officer operating out of our Rosemont, IL office where our Security Operations Center is located. The security operations staff monitors activity 24×7, protecting against malicious activity and is ready to respond to any incident.

Our OnDemand services are architected to provide numerous layers of protection, including web application firewalls and secure gateways at the edge, network isolation, multi-factor privileged access management, host-based firewalls, content filtering and advanced threat prevention to name a few. For more details on how OnDemand is built with security by design, please review our OnDemand Security White Paper.

Regulatory requirements continue to evolve requiring businesses to meet a multitude of controls related to privacy and data integrity. These requirements are complex and vary based on region, industry, and the nature of the data involved. Duck Creek reviews regulatory requirements applicable to Duck Creek as a SaaS provider in the IT services industry to assist our Customers to achieve their compliance requirements.

Duck Creek OnDemand offerings are ISO 27001 compliant, and we conduct annual SOC 1 Type II and SOC 2 Type II independent audits. Additionally, we perform annual risk assessments and internal audit. Duck Creek understands the importance of providing our customers with a robust information security program that provides market standard options expected from an important third-party SaaS provider.

If you are an existing Duck Creek customer or partner, please visit the Solution Center to download these documents. Otherwise, please contact information.security@duckcreek.com to request a copy.