Dreamdata Achieves SOC 2 Type II Compliance for the 4th Year Running 

Written By Maimouna Corr Fonsbøl

If your security team needs to review Dreamdata before you go live, or before you renew, this is the post to send them.

We’ve successfully completed our SOC 2 Type II audit for the fourth consecutive year. 

And for the second consecutive year, the auditor found zero instances of controls failing to operate as designed across the entire 12-month period.

The report covers the period from March 20, 2025, to March 20, 2026, and was issued by Johanson Group LLP, an independent, AICPA-licensed CPA firm. 

Four years. Same standard. Same commitment. And given what we do, that consistency is the whole point.

Protect the heart of your GTM stack

Dreamdata connects to the core of a B2B company's go-to-market stack.

That means CRM data, ad platform integrations, website tracking, pipeline and revenue signals, contact-level behavioral data, and data warehouse exports. 

For any security team doing vendor due diligence, this isn't a peripheral tool. It sits at the center of how marketing and revenue data flows through an organization.

That's why we treat security as a continuous operational discipline.

“Our customers hand us their most critical go-to-market data. Trust has to be earned every day, and not just in the two weeks before an audit. We think security should be continuous, proven, and built into how our team works every day. We don't take shortcuts on compliance, because our customers can't afford for us to do so,” says Andy Dyrcz, Dreamdata’s CISO.

Demonstrated operational security

SOC 2 Type I is a point-in-time snapshot. It confirms that controls existed on a specific day.

SOC 2 Type II is different. It evaluates whether controls held up consistently across an entire year of real operations, covering access management, change control, monitoring, incident response, availability, and vendor oversight, among others.

For a security team signing off on a vendor that handles pipeline and revenue data, that distinction matters. You're not reviewing a moment in time. You're reviewing 12 months of demonstrated operational security.

Our security and compliance program is run in-house by a dedicated team. 

Our examination is performed by Johanson Group LLP, an independent, AICPA-licensed CPA firm with no commercial relationship to Dreamdata beyond the audit itself. 

And the report reflects real fieldwork, real evidence, and real human judgement applied consistently across a full operating period.

Nothing changes. That's the point.

For existing customers renewing their vendor review, the controls in this year's report are the same controls that have been in place and independently verified for four consecutive years. 

There are no gaps in the operating periods. No years skipped. No scope reductions.

Security teams evaluating Dreamdata for the first time are reviewing a posture that's been running continuously since 2022 and will still be running the same way after you sign.

The audit in short:

  • Trust Service Criteria: Security

  • Audit period: March 20, 2025 - March 20, 2026

  • System in scope: The Dreamdata Platform

  • Auditor: Johanson Group LLP, an independent, AICPA-licensed CPA firm

  • Exceptions: Zero

Get the report

You can request the complete SOC 2 Type II report or take a look at our updated SOC 3 report, a public summary of the same examination, on our Trust Center.

Four years in. Onto year five.

Maimouna Corr Fonsbøl
Next

How LLMs Are Reshaping Content – From Creation to Visibility