Why is Circularo not SOC Certified?

A few years ago, our company made a deliberate, strategic decision to pivot away from US-centric SOC 2 audits. Instead, we chose to focus our resources on achieving rigorous global, European, and regional security certifications that provide broader international coverage.

Our current security posture is anchored by:

  • ISO/IEC 27001 & ISO/IEC 27017: Serving as our global foundation for information and cloud security management.

  • eIDAS (Advanced Electronic Signatures - AdES): Ensuring compliance with strict European digital trust and legal framework standards.

  • DESC Cloud Service Provider Security Standard: Meeting the specialized, mandatory cyber security regulations for the UAE region.


There is a clear 80 to 90% direct control overlap between SOC 2 and our active ISO/DESC frameworks.

Please also note that:

The DESC Core: The Dubai Electronic Security Center (DESC) framework is built exactly upon ISO 27001 and ISO 27017. By achieving DESC, Circularo has validated its international ISO framework against a rigid sovereign standard.

Attestation vs. Certification: SOC 2 is an attestation report (a description of a specific point or window of time). ISO and DESC are certifications requiring structured, continuous Information Security Management Systems (ISMS) audited annually.

You can find all of our current certifications in the section on Security and Compliance.

Overlap Mapping: SOC 2 vs. Circularo Certifications

| SOC 2 Trust Criteria | Overlapping Control Area | Covered By Our Active Certifications |
| --- | --- | --- |
| Security (Common Criteria) | Access control, encryption, network security, risk management, and incident response. | ISO 27001 (Annex A) fully mirrors this. The UAE DESC Standard explicitly accepts ISO 27001 as fulfillment for this core infrastructure audit. |
| Availability | System uptime, disaster recovery, cloud redundancy, and business continuity. | ISO 27017 (Cloud Security) controls for cloud backup, redundancy, and service availability. |
| Processing Integrity | System processing is complete, valid, accurate, timely, and authorized. | eIDAS (AdES) provides strict verification of data integrity, electronic origin, and anti-tampering protection. |
| Confidentiality | Protection of data designated as confidential during transit and storage. | Jointly enforced by ISO 27001 access management and eIDAS cryptographic certificate validation protocols. |