Privacy & Security Standards

SOC 2

What is SOC 2 compliance? SOC stands for Service Organizations Controls. SOC reports help Deel to establish and maintain trust between us and our clients.

SOC 2 is based on five Trust Service Criteria:

• Säkerhet
• Availability
• Processing Integrity
• Confidentiality
• Privacy

Deel is SOC 2 certified, with an audit completed annually. This means that Deel is practicing all of the essential technical and organizational controls and practices to ensure that user data that is shared with Deel is fully protected, with all the effective privacy & security safeguards in place.

Our SOC 2 Report Clients may review our SOC 2 report by contacting our Customer Support.

ISO 27001

What is the ISO 27001 certification? ISO 27001 is a global standard for information security systems and defines the security requirements that must be met.

En ISO 27001-certifiering innebär att Deel har infört system för att hantera risker relaterade till säkerheten för data som ägs eller hanteras av Deel och att dessa system följer alla principer och bästa metoder som fastställts i den internationella standarden.

ISO 27001 is crucial for a company like Deel as it helps us to manage risks, ensure cyber-resilience and operational excellence.

Contact Customer Support for a copy of our ISO 27001 Certification and our Statement of Applicability (SoA).

HIPPA - Health Insurance Portability and Accountability Act

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

HIPPA ensures baseline privacy and security standards for Protected Health Information (PHI).

How does HIPAA apply to Deel? For employees based in the US, Deel interacts with healthcare providers as part of our benefits services. Deel has adopted a robust approach to ensure HIPAA compliance and uphold the trust placed in it by patients and partners.

How does Deel comply with HIPAA obligations?

• Internal education and Training: Deel recognizes that compliance begins with a well-informed workforce. Regular training sessions are conducted for all team members to ensure a clear understanding of HIPAA regulations, including how to handle PHI securely and respond to potential breaches.
• Risk Assessment and Management: Deel conducts thorough risk assessments to identify vulnerabilities and potential security threats to PHI. These assessments help develop effective risk management strategies to mitigate and address these risks.
• Security Measures: Deel employs robust technical and organizational measures to protect PHI. This includes encryption, access controls, multi-factor authentication, firewalls, and system monitoring to prevent unauthorized access.
• Data Protection Agreements (DPAs): Deel ensures that all external partners, vendors, and contractors who have access to PHI sign legally binding DPAs. These agreements outline their responsibilities for protecting personal data.
• Incident Response Plan: Deel has a well-defined incident response plan in place to swiftly address and contain any breaches that might occur. This includes steps to notify affected parties, assess the impacts, and take corrective actions to prevent future incidents.
• Continuous Monitoring and Auditing: Regular internal audits and monitoring of security systems and internal are carried out to identify and rectify any potential compliance gaps. These practices ensure that Deel remains up-to-date with evolving HIPAA regulations.
• Data Retention and Disposal: Deel establishes clear protocols for the retention and secure disposal of personal data. Outdated or unnecessary data is securely removed from systems to reduce the risk of unauthorized access.

Document Access

To access Deel's SOC 2 Report or ISO 27001 Certification, please contact our Customer Support team.