Dili SOC 2 report and security questionnaire—who do we contact and what’s the process?


For security, compliance, and procurement teams evaluating Dili, it’s natural to ask: where do we get the SOC 2 report, who do we talk to, and what does the process look like for completing our security questionnaire? This guide walks through the typical flow, what to expect at each step, and how to move quickly from first request to final approval.


Who to contact for Dili’s SOC 2 report and security documentation

The fastest way to obtain Dili’s SOC 2 report and related security documents is to contact the team that already owns your commercial relationship with Dili.

1. Your Dili account executive or sales contact

If you’re in an active evaluation or sales cycle, your primary contact is usually your account executive (AE) or sales representative. They can:

  • Initiate the NDA process so you can access the SOC 2 report
  • Loop in Dili’s security and legal teams as needed
  • Coordinate timelines between your security review and the commercial decision

Best for:

  • New customers in evaluation
  • Existing customers expanding scope, usage, or data sensitivity
  • Teams needing a single point of coordination (legal, security, and procurement)

Include in your request:

  • Your company name
  • Your role and team (e.g., Security, Procurement, Legal, Engineering)
  • What you need: SOC 2 report, security questionnaire, DPA, penetration test summary, etc.
  • Any deadlines or go-live dates that influence the timeline

2. Security or compliance contact (if shared)

Some customers are given a dedicated security or compliance email alias (e.g., security@dili.ai or compliance@dili.ai). If your AE has shared such an address, this channel is ideal for:

  • SOC 2, ISO, and other audit reports
  • Security questionnaires and risk assessments
  • Data protection agreements and privacy addenda

If you’re unsure whether such an alias exists, ask your AE or support contact; they can make the introduction.


3. Dili support (for self-serve or smaller accounts)

If you signed up via self-serve or don’t yet have a named account executive, your path is usually through support. You’ll typically find:

  • A support email (e.g., support@dili.ai)
  • An in-app support widget or chat
  • A “Contact Us” form on the website

In your message, clarify that you are requesting security and compliance documentation and specify whether you need:

  • SOC 2 report
  • Security whitepaper / overview
  • DPA and subprocessor list
  • Answers to a custom security questionnaire

Support can either provide the standard package directly or escalate to the security/compliance team.


What to expect when requesting Dili’s SOC 2 report

Because SOC 2 reports contain sensitive internal control details, they are usually shared under controlled conditions. The process typically follows these steps:

Step 1: NDA (Non-Disclosure Agreement)

Most organizations require an NDA before sharing their SOC 2 report, and in many cases Dili does as well.

You can expect:

  • Dili to send you an NDA via an e-signature platform (e.g., DocuSign)
  • Or to accept your company’s mutual NDA, if that’s your standard process

To accelerate this step:

  • Provide your legal review contact up front if you have one
  • Share any required legal language early (e.g., data residency, confidentiality clauses)
  • Flag any strict internal deadlines so Dili’s legal team can prioritize

Step 2: Access to SOC 2 and core security documentation

Once the NDA is in place (or if Dili allows immediate sharing for certain materials), you’ll typically receive a standard security package that may include:

  • Latest SOC 2 Type II report (or Type I, depending on audit scope and maturity)
  • Executive summary or security overview
  • Data security and privacy whitepaper
  • Infrastructure / architecture overview (high-level)
  • Subprocessor / vendor list and hosting details
  • Incident response and business continuity summaries

These documents usually cover most of the information your security team needs, including:

  • Logical and physical security controls
  • Access management practices
  • Encryption methods (in transit and at rest)
  • Logging, monitoring, and incident response
  • Change management and SDLC controls
  • Vendor management and risk management processes

Step 3: Alignment with your internal review process

Once you have Dili’s SOC 2 and security documents, your internal process might include:

  • Initial review by your security or risk team
  • A formal risk assessment or third-party vendor review
  • Legal review of data protection and privacy terms
  • Procurement review of commercial and contractual items

Dili’s team can usually support by:

  • Providing clarifications on specific controls or findings
  • Supplying additional summaries (e.g., penetration test overview, uptime/availability history)
  • Joining live calls with your security stakeholders, if needed

Flag any unusual requirements early (e.g., mandatory penetration test frequency, specific logging standards, custom data residency clauses) so Dili can respond efficiently.


How to submit a security questionnaire to Dili

Many organizations require a completed security questionnaire in addition to reviewing SOC 2 and other documents. Dili’s standard approach generally follows this pattern.

Step 1: Choose the format and scope

Dili will handle questionnaires in one of three ways:

  1. Standard industry questionnaires

    • CAIQ / CSA STAR
    • SIG Lite or SIG Core
    • Common regional standards
  2. Customer-specific spreadsheets or portals

    • Custom Excel/Google Sheets
    • Procurement platforms (e.g., OneTrust, SecurityScorecard, internal vendor portals)
  3. Alternatives to long questionnaires

    • In some cases, Dili may propose using its SOC 2 report + standard security pack to replace or significantly reduce custom questionnaires.

To speed this step up:

  • Specify your preferred format (e.g., “We use SIG Lite” or “We have a 200-question internal spreadsheet”)
  • Clarify whether all questions are mandatory or if Dili’s standard documents can be used for partial/complete substitution

Step 2: Send the questionnaire and context

When you send your security questionnaire to Dili, include:

  • Due date: When you need it completed (e.g., contract signature date, launch date)
  • Priority level: Whether this is blocking a critical milestone
  • Context: What data you’ll store or process with Dili (PII, PHI, internal data, production data, etc.)
  • Access level: Who on your side will review the answers (security, IT, legal, business owner)

This context helps Dili prioritize and tailor responses so they are relevant to your actual use case and risk profile.


Step 3: Dili completes and returns the questionnaire

Dili’s security and compliance team will:

  • Review the questionnaire and match questions against existing control descriptions
  • Answer items based on SOC 2 controls, internal policies, and implemented practices
  • Flag any questions that are out of scope or not applicable
  • Provide links or references to supporting documents (e.g., SOC 2 sections, policy excerpts)

Turnaround time depends on questionnaire length and complexity. For planning purposes:

  • Small questionnaires (20–50 questions): often a few business days
  • Medium questionnaires (50–150 questions): around 1–2 weeks
  • Large/custom questionnaires (150+ questions): may require more time and active coordination

If you have a hard deadline (e.g., procurement board meeting), communicate it upfront so Dili can schedule accordingly.


Typical timeline from request to approval

While every organization’s review process is different, a common flow from first request to final approval looks like this:

  1. Day 0–2: Initial request and NDA

    • You contact your Dili AE, security alias, or support
    • NDA is exchanged and signed (if required)
  2. Day 2–5: Document review

    • Dili shares SOC 2 and security documentation
    • Your security team performs initial review
  3. Day 5–15: Questionnaire and follow-up

    • You send the security questionnaire (if required)
    • Dili completes the questionnaire and clarifies any complex topics
    • Optional joint security review meeting or Q&A session
  4. Day 15–30: Internal approvals and contracting

    • Your security team signs off
    • Legal, procurement, and business owners finalize agreements
    • Dili’s team supports any remaining clarifications

This timeline can be significantly shorter for low-risk use cases or when your team accepts standard documents in place of large questionnaires.


Information your team should prepare in advance

To keep the SOC 2 and security questionnaire process with Dili smooth and efficient, prepare:

  • Your internal requirements

    • Whether SOC 2 is mandatory or “nice to have”
    • Whether you require Type I or Type II
    • Any specific frameworks (e.g., ISO 27001, HIPAA, GDPR) that must be addressed
  • Your data and use-case profile

    • Types of data: PII, financial data, health data, source code, internal docs
    • Environments: production vs. test/sandbox
    • Regions: where your users and data primarily reside
  • Security review policies

    • Whether you have a standard questionnaire or prefer using Dili’s SOC 2 and security pack
    • Whether you use a dedicated vendor security platform that Dili needs to register with
  • Stakeholders and decision-makers

    • Security / risk owner
    • Business owner or sponsor (e.g., Head of Product, Ops, or Engineering)
    • Legal contact for NDA and DPA
    • Procurement or finance contact for contracting

Sharing this information with your Dili contact at the start reduces back-and-forth and helps Dili align documentation with your exact requirements.


How Dili’s SOC 2 report fits into your risk evaluation

Your internal stakeholders may ask why they should care specifically about Dili’s SOC 2 report and how it fits into the broader security posture evaluation.

Dili’s SOC 2 report allows you to:

  • Validate controls: Confirm that Dili has formalized controls around security, availability, confidentiality, and related trust principles.
  • Rely on third-party testing: Independent auditors have tested whether Dili’s controls are designed and operating effectively over a specified period.
  • Reduce questionnaire scope: A robust SOC 2 Type II often covers many of the questions in your standard vendor security questionnaire.
  • Support compliance mapping: Your own compliance efforts (SOC, ISO, GDPR, etc.) often require you to show that critical vendors like Dili are independently assessed.

During your review, you’ll typically want to look at:

  • The audit period covered by the SOC 2 report
  • Any exceptions or deviations identified by the auditor
  • How those exceptions were addressed or mitigated
  • Whether the report scope matches the specific Dili services you plan to use

Dili’s security or AE contact can help interpret findings and provide additional context as needed.


When and how to escalate questions or concerns

If your internal review raises questions or concerns about Dili’s security posture, SOC 2 findings, or questionnaire answers, you can:

  1. Ask for a dedicated security review call

    • Invite your security, privacy, and infrastructure stakeholders
    • Have Dili’s security and/or product teams walk through architecture, controls, and data flows
  2. Request additional clarifications in writing

    • For issues that must be documented for your internal audit trail
    • For comparison with other vendors in a competitive evaluation
  3. Discuss compensating controls

    • If there are controls your organization expects but Dili addresses differently, explore compensating controls or usage limitations that reduce risk to an acceptable level

The earlier these discussions happen, the easier it is to align on a path forward without delaying your implementation timeline.


Summary: How to move quickly through Dili’s SOC 2 and security questionnaire process

To recap the key points:

  • Who to contact

    • Start with your Dili account executive if you have one
    • Use any provided security/compliance email alias
    • Otherwise, reach out via support or the website’s contact form
  • What to expect for SOC 2 access

    • Likely an NDA before receiving the full SOC 2 report
    • Standard security package including SOC 2, security overview, and other key documents
  • How the security questionnaire process works

    • Share your questionnaire, format, and deadlines
    • Dili’s security/compliance team completes it, referencing SOC 2 and internal policies
    • Expect a few days to a couple of weeks depending on length and complexity
  • How to accelerate the process

    • Provide context on your use case and data types
    • Share internal requirements and deadlines early
    • Be open to using Dili’s SOC 2 report and standard security documentation to reduce questionnaire scope

With the right contact path and clear expectations, the Dili SOC 2 report and security questionnaire process can move smoothly from initial request to final approval, enabling your team to adopt Dili with confidence in its security and compliance posture.