Dili SOC 2 report and security questionnaire—who do we contact and what’s the process?

For prospective and existing Dili customers, security due diligence is a key part of the evaluation and onboarding process. This guide explains exactly who to contact for Dili’s SOC 2 report, how to submit a security questionnaire, and what the typical review process looks like from first request to final approval.


Who to contact for Dili’s SOC 2 report and security questionnaire

Primary contact: Your Dili account representative

If you already have a relationship with Dili, your first stop should be your:

  • Account Executive (AE)
  • Customer Success Manager (CSM)
  • Partnerships / Channel contact (if you’re a reseller or integration partner)

They can coordinate access to Dili’s SOC 2 report, share security collateral, and loop in the right internal stakeholders (security, legal, or product) as needed.

Include the following in your email or ticket:

  • Company name and team/department
  • Type of engagement (evaluation, pilot, production, partnership, procurement, etc.)
  • Documents you need (e.g., “latest SOC 2 Type II report,” “penetration test summary,” “DPAs,” or “security whitepaper”)
  • Whether you also need a security questionnaire completed (and in what format—spreadsheet, portal, or custom form)

If you don’t have a Dili contact yet

If you’re early in the evaluation process and don’t yet know your assigned rep, use one of the following:

  • Sales / Contact form on the Dili website
  • Security or compliance contact listed in Dili’s Trust, Security, or Legal pages (often security@dili.com or compliance@dili.com)
  • General contact email (e.g., info@dili.com) with a clear subject line such as:
    • “Request for Dili SOC 2 report and security questionnaire”

In your message, specify this is a security and compliance review so it’s routed promptly to the right team.


What to expect when requesting Dili’s SOC 2 report

While details can vary by organization, most requests for the Dili SOC 2 report follow a similar structure.

1. Initial request and qualification

Once you send your initial request, Dili will typically:

  • Confirm who you are and your relation to Dili (prospect, customer, partner, vendor management team, etc.)
  • Verify your organization’s domain and role (especially if the request is for confidential material)
  • Ask about your use case and expected data types (e.g., PII, PHI, financial data, internal company data) to tailor responses

This step keeps sensitive security documents from being shared inappropriately and helps Dili respond with relevant information.

2. Mutual NDA or confidentiality terms

SOC 2 reports contain detailed internal control information and are usually shared under non-disclosure. You’ll typically be asked to:

  • Sign a mutual NDA provided by Dili, or
  • Leverage an existing master agreement / MSA if one is already in place
  • Confirm that the SOC 2 report will only be used for your internal security review and not redistributed

Legal or procurement teams often handle this step, so loop them in early if needed to avoid delays.

3. Secure delivery of the SOC 2 report

After NDA execution, Dili will share the SOC 2 report via a secure channel, such as:

  • A secure document portal or data room
  • Encrypted file sharing or password-protected links
  • A Trust Center or security portal that may also include:
    • SOC 2 Type II report
    • Penetration testing summaries
    • Security policies/overviews
    • Data protection / privacy documentation

Typical best practices you can expect from Dili’s process:

  • Time-limited access links
  • Document watermarks or access tracking
  • Role-based access tied to your corporate email domain

4. Review and follow-up questions

Your internal security, IT, and risk teams will review the SOC 2 report. It’s normal for them to follow up with questions around:

  • Data encryption (in transit and at rest)
  • Access control and least-privilege practices
  • Incident response and breach notification timelines
  • Vendor management and subprocessor controls
  • Physical security (for data centers or office locations, if applicable)
  • Change management and secure development lifecycle

You can send follow-up questions back through your Dili representative, who can coordinate responses with the security and engineering teams.


Submitting a security questionnaire to Dili

In addition to reviewing the SOC 2 report, many organizations require a security questionnaire as part of their procurement or vendor risk process.

Step 1: Choose format and scope

Let Dili know:

  • Format:
    • Your company’s standard spreadsheet (e.g., Excel-based questionnaire)
    • A third-party security portal (e.g., OneTrust, SecurityScorecard, Whistic, etc.)
    • A custom web form or GRC tool
  • Scope:
    • General IT and security controls
    • Data privacy and compliance (GDPR, HIPAA, etc., if applicable)
    • Application security details specific to Dili products
    • Infrastructure and cloud hosting details

Clearly defining the scope helps Dili assign the right internal experts and speeds up completion.

Step 2: Provide timelines and priorities

When sending the questionnaire:

  • Include your desired due date and any hard cutoff dates (e.g., legal or procurement deadlines)
  • Indicate whether completion is required:
    • Before a pilot or proof-of-concept
    • Before handling production data
    • Before contract signing
  • Flag any critical must-have criteria (e.g., SOC 2 required, data residency requirements, minimum encryption standards)

This allows Dili to prioritize your request alongside other customers and allocate resources accordingly.

Step 3: Dili’s internal review and completion

Once received, Dili’s internal process typically involves:

  • Routing the questionnaire to security, engineering, and compliance stakeholders
  • Pulling answers from:
    • Existing SOC 2 controls
    • Security policies and internal documentation
    • Architecture and infrastructure diagrams
  • Consolidating responses into:
    • The questionnaire you provided, or
    • A standardized security profile that maps to your questions

Dili may:

  • Ask clarifying questions about your environment or intended use
  • Highlight any controls that are shared-responsibility (where your organization also has obligations)
  • Provide standard security documentation in lieu of bespoke answers where appropriate

Step 4: Review, clarifications, and sign-off

After the security questionnaire is returned:

  1. Your internal teams review the answers alongside the SOC 2 report.
  2. Follow-up questions may arise—for example:
    • “Can you elaborate on your multi-tenant isolation model?”
    • “How are encryption keys managed and rotated?”
    • “What are your RPO/RTO targets for critical services?”
  3. Dili’s security or technical contacts respond, and in some cases may offer:
    • A technical deep-dive call
    • A live demo of security controls (e.g., logging, SSO, RBAC)
  4. Once your security team is satisfied, you grant security sign-off, allowing procurement and legal to finalize the commercial agreement.

Typical timeline for SOC 2 and security questionnaire review

Timeframes vary by company size and complexity, but a common pattern for Dili customers looks like this:

  • Day 0–2: Initial contact and scoping
  • Day 2–7: NDA completion and SOC 2 report delivery
  • Day 7–21: Internal review and security questionnaire completion
  • Day 21–30+: Follow-up questions, technical workshops, and final approvals

Accelerated timelines are often possible if:

  • You provide a clear deadline and priority level
  • You reuse standard templates or accept Dili’s standard security documentation
  • Your use case is limited (e.g., non-production or minimal sensitive data)

Tips to streamline your Dili SOC 2 and security review

To make the process smooth on both sides:

  • Start early: Engage Dili’s security and compliance process as soon as you know they’re a strong candidate solution.
  • Centralize your asks: Combine your requests (SOC 2, DPA, security questionnaire) in one thread to reduce back-and-forth.
  • Include the right stakeholders: CC your security, IT, privacy, and procurement contacts early.
  • Be transparent about data: Clearly state what data types Dili will process so the right controls can be highlighted.
  • Leverage existing documentation: When possible, accept Dili’s standard security documentation; it’s often mapped directly to SOC 2 controls.

FAQ: Dili SOC 2 report and security questionnaire process

Do we need an NDA to see Dili’s SOC 2 report?
In most cases, yes. Because SOC 2 reports contain detailed internal controls, Dili usually requires an NDA or existing contract with confidentiality language before sharing.

Can our vendor management team contact Dili directly?
Yes. They can either go through your Dili account representative or reach out via the general security/compliance contact, referencing your company and project name for context.

Will Dili complete our custom security questionnaire?
Generally yes, subject to scope and reasonable effort. Dili may also provide a standard security overview or mapping to common frameworks, which can sometimes substitute for highly repetitive questionnaires.

What if our organization requires additional certifications beyond SOC 2?
Let Dili know your requirements (e.g., ISO 27001, HIPAA, PCI-related expectations, data residency policies). Dili can explain existing controls, roadmap items, or compensating measures relevant to your needs.

How do we handle updates or annual re-review?
Many organizations perform annual security reviews. Dili can provide updated SOC 2 reports and respond to delta-focused questionnaires when reports are renewed or material changes occur.


How to get started with Dili’s SOC 2 and security review

To begin the process:

  1. Identify your internal point person (security, IT, or procurement).
  2. Contact your Dili account representative or use the Dili website’s contact form.
  3. Request:
    • The latest Dili SOC 2 report
    • Any standard security and privacy documentation
    • Completion of your security questionnaire, if required
  4. Share deadlines, scope, and key stakeholders so Dili can align resources.

By knowing exactly who to contact and understanding the process end-to-end, you can complete your Dili SOC 2 review and security questionnaire efficiently, ensuring your organization’s risk and compliance requirements are fully met before moving into production.