D-Wave Successfully Completes SOC 2 Type 2 Audit, Becomes First Full-Stack Quantum Computing Company to Achieve This Compliance

Jan 30, 2024


By Fiona Hanington, Senior Director, Program Management, D-Wave

At D-Wave, we are focused on helping our customers successfully develop, deploy, and scale quantum applications. As part of that commitment, we use industry-standard best practices to ensure that our customers’ data is protected. One major initiative in support of customer data protection is SOC 2® compliance, and we are excited to announce that we successfully completed the SOC 2 Type 2 audit as of December 7, 2023, which follows our initial Type 1 audit milestone in March 2023. We are especially proud that our SOC 2 Type 2 report included no exceptions, which means that the independent auditor found no issues with D-Wave’s controls or their effectiveness over time and therefore can provide their unqualified opinion.

SOC 2 auditing follows a systematic analysis of trust service criteria deemed critical to security and client data protection. Our SOC 2 audit was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 4,000 global organizations to help mitigate cybersecurity risks.

“SOC 2 compliance is a key part of our production leadership, as it ensures commercial-grade security measures are established and regularly reviewed,” said Dr. Alan Baratz, CEO of D-Wave, in a recent press release. “With customers increasingly incorporating and using our quantum solutions to support daily operations, this level of data protection and security is paramount.”

What is SOC 2?

SOC stands for “service organization control.” Established by the American Institute of Certified Public Accountants (AICPA), the SOC 2 audit is a comprehensive examination of all systems and tools used in a service organization’s operations. The resulting SOC 2 reports are recognized globally and affirm that the organization’s infrastructure, software, people, data, policies, procedures, and operations have been formally reviewed and meet a standard for the protection of potential and existing customers’ personal assets.

The SOC 2 audit testing framework is based on criteria that identify the risks an organization should address to protect customer data. Using criteria relevant to the organization, an accredited third-party compliance and audit firm (in our case, A-LIGN) evaluates whether the organization has the appropriate policies, procedures, and controls in place to manage risks effectively.

To receive a SOC 2 report with no exceptions, as we did, an organization must be deemed to have effective controls covering all in-scope parts of the business, in areas such as information security, access control, vendor management, system backup, business continuity, risk management, and more.

Why does SOC 2 matter to D-Wave?

As we help our customers put their quantum solutions into production, we want to provide peace of mind that our approach to mitigating cybersecurity risks is of the highest quality. Achieving SOC 2 Type 2 compliance serves as an independent attestation that we have taken proactive steps to mitigate risk for enterprises looking to scale their deployment of quantum computing solutions.

“I have even greater confidence in the company’s data security and processing integrity, given its SOC 2 Type 2 certification,” says Major General John W. Holly (USA, Ret.), CEO and chairman of Davidson, one of D-Wave’s customers.

D-Wave is the first and only full-stack quantum computing provider to achieve SOC 2 Type 2 compliance, marking our ongoing commitment to client data security and protection. For more information or to request a copy of the SOC 2 Type 2 report, contact sales@dwavesys.com.