Compliance

Diligent’s Security Program is governed based on the NIST Cybersecurity Framework, and Diligent follows ISO/IEC 27001 standards to keep information assets secure by implementing an Information Security Management System (ISMS). This provides a systematic approach for managing people, processes, and IT systems. Diligent’s ISMS is ISO/IEC 27001:2013, 27017:2015, and 27018:2019 certified.

Certifications and Attestations

| Title | Reporting Period | Category | Description | Product |
| --- | --- | --- | --- | --- |
| ISO 27001:2013 Certification | January 1 to December 31 | Public Cloud | This certification, issued by an independent third-party auditor, validates that Diligent’s Public Cloud product complies with the ISO 27001 internationally recognized standard for security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. | HighBond |
| SOC 2 Type 2 | October 1 to September 30 (annual) | Public Cloud | The SOC 2 Type 2 report evaluates the Diligent Public Cloud product controls that meet the criteria for security and availability in the American Institute of Certified Public Accountants (AICPA) TSP section 100 Trust Services Criteria. This is our most recent SOC 2 report. SOC reports are audits performed over a period of time and do not expire. Our auditors perform our SOC audits twice a year over a period of 6 months. | HighBond |
| ISO 27001:2013, 27017:2015 and 27018:2019 | April 19 2022 to April 10 2025 | Co-location | This certification, issued by Schellman Compliance LLC, validates that Diligent’s Public Cloud products comply with the ISO 27001 internationally recognized standard for operating an information security management system in alignment with best practices, with security controls in alignment with ISO 27002, ISO 27017:2015 and ISO 27018:2019. | Diligent Boards, Entities, Diligent Equity, Secure File Share/Secure Workflow, BoardEffect, Messenger, Minutes, Questionnaires and Director Network and Nominations, Diligent Compensation & Governance Intel |
| SOC 2 Type 2 | Mar 1 2021 to Feb 28 2022 | Co-location | The SOC 2 Type 2 report evaluates Diligent Product controls that meet the criteria for security, availability and confidentiality in the American Institute of Certified Public Accountants (AICPA) TSP section 100 Trust Services Criteria. This is our most recent SOC 2 report. SOC reports are audits performed over a period of time and do not expire. Our auditors perform our SOC audits annually over a period of 12 months. | Diligent Boards, Entities, Diligent Equity, Secure File Share/Secure Workflow, BoardEffect, Messenger, Minutes, Questionnaires and Director Network and Nominations, Diligent Compensation & Governance Intel |
| SOC 1 Type 2 | Mar 1 2021 to Feb 28 2022 | Co-location | The SOC 1 Type 2 report evaluates controls relevant to customers’ internal controls over financial reporting. This is our most recent SOC 1 report. SOC reports are audits performed over a period of time and do not expire. Our auditors perform our SOC audits annually over a period of 12 months. | Diligent Boards, BoardEffect |
| HIPAA/HITECH | Feb 28 | Co-location | The HIPAA/HITECH attestation evaluates the information security program for conformity to the applicable implementation specifications within the HIPAA Security Rule and the HITECH Breach Notification Requirements as described in Part 164 of CFR 45 as of the date shown. | Diligent Boards, Entities, BoardEffect |