We’re proud to announce that BIChart is now SOC 2 Type 2 compliant , a major milestone in our commitment to security, trust, and transparency.
SOC 2 Type 2 compliance is one of the most rigorous standards in the industry for data security, availability, and confidentiality. Unlike a Type 1 report, which evaluates controls at a single point in time, Type 2 demonstrates that BIChart’s controls are operating effectively over an extended period of time.
This means independent auditors validated that our processes, systems, and safeguards consistently meet the highest standards, not just on paper, but in practice.
For enterprises trusting BIChart to automate their Tableau-to-Power BI migrations, SOC 2 Type 2 is more than a badge:
- Security & Confidentiality – Customer data is safeguarded at every step of the migration process.
- Operational Excellence – Our controls and processes are continuously monitored and proven effective.
- Enterprise Readiness – Compliance clears the way for large organizations with strict vendor requirements to confidently adopt BIChart.
This milestone reinforces BIChart’s role as not only the fastest path to Power BI but also the most secure and enterprise-ready.
SOC 2 Type 2 is only the beginning. As BIChart continues to expand into the Microsoft ecosystem, we will maintain the same focus on trust, compliance, and security that enterprises expect.
We’re excited to bring more innovation to the BI community, reinforced by the trust of industry peers and compliance experts.
SOC 2 Type 2 Details
Updated March 2026
BIChart is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.
Contact: Support@bichart.ai
Compliance
| Certification | Status |
|---|---|
| SOC 2 Type II | Compliant |
| SOC 2 Type I | Compliant |
Resources (Request-gated)
- SOC 2 Type I Report
- SOC 2 Type II Report
- Incident Response Policy
- Acceptable Use Policy
- Change Management Policy
Controls (76 total)
Asset Management
- Secure media disposal
- Technology asset inventory
Business Continuity and Disaster Recovery
- Multi-availability zone deployment
- Business continuity and disaster recovery plan
- Database backups
- Emergency operations continuity
Capacity and Performance Planning
- Capacity and performance monitoring
Change Management
- Material system change communication
- Customer notification for major changes
Cloud Security
- Cloud provider physical access review
Configuration Management
- Baseline configuration management
Continuous Monitoring
- Centralized log collection and monitoring
Cryptographic Protections
- Encryption at rest
- Production key management
- Encryption in transit
Cybersecurity and Data Privacy Governance
- Information security policies
- Whistleblower mechanism
- Organizational structure documentation
- Information security officer designation
- Security roles and responsibilities
- (+4 more not shown)
Data Classification and Handling
- Customer data deletion
- Data retention and deletion policy
- Data classification and access control
Endpoint Security
- Anti-malware protection
- Removable media controls
Human Resources Security
- Employee confidentiality agreements
- Termination access revocation
- Disciplinary process
- Employee background checks
- Contractor background checks
- (+3 more not shown)
Identification and Authentication
- Session timeout enforcement
- Password policy
- Access control procedures
- Least-privilege access for production infrastructure
- Production access management
- (+3 more not shown)
Incident Response
- Incident response procedures
- Security incident logging
- Security concern resolution
Information Assurance
- Security documentation availability
Mobile Device Management
- Mobile device management
Network Security
- Firewall rule management
- Secure connection requirements
- Network firewall
- Network architecture documentation
Physical and Environmental Security
- Visitor management policy
Risk Management
- Security and privacy risk management
- Annual risk assessment
- Cybersecurity insurance
Secure Engineering and Architecture
- Source code access controls
- Source code change approval
- Secure development procedures
- Environment separation
- Environment and tenant segmentation
- (+1 more not shown)
Security Awareness and Training
- Security awareness training
Security Operations
- Intrusion detection
- Customer support availability
Third-Party Management
- Outsourced development security
- Vendor management program
- Contractor confidentiality agreements
- Contractual security commitments
- Vendor confidentiality and privacy agreements
- (+1 more not shown)
Vulnerability and Patch Management
- Patch management
- Vulnerability scanning and remediation
Web Security
- Web application firewall
Subprocessors
| Name | Category |
|---|---|
| Slack | Business Apps & Productivity |
