Does Vimeo have a SOC 2 Type 2 Report?
Yes. Vimeo obtained a SOC 2 Type 2 Report in February, 2021. The report covers the period of July 2020 to December 2020. The next report will be available in February 2022.
What is the primary purpose of this report?
The report provides an independent assessment of Vimeo’s security and privacy control environment. The assessment includes a description of the controls, the tests performed to assess them, the results of these tests, and an overall opinion on the design and operational effectiveness of the same.
What is the scope of the Vimeo SOC 2 Type 2 report?
Vimeo’s SOC 2 Type 2 Report covers the AICPA’s Trust Services Principle and Criteria of Security.
How does SOC 2 Type 2 relate to other information security regulations or certifications?
SOC 2 Type 2 controls overlap with controls in ISO/IEC 27001:2013 Annex A / ISO/IEC 27002:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2014, HIPAA security requirements, and FFIEC’s examination guidelines for GLBA Information Security. Control mappings to these certifications/regulations can be found in the report.
What is the audit cycle for the Vimeo SOC 2 Type 2 report?
Audits are performed annually, and a report covering July through December is issued in February.
How do I access the report?
The report is available to Enterprise customers. If your organization has an Enterprise-level plan, and you require visibility into these materials, please reach out to your Account Manager.