[QODBC-ALL] Is QODBC SOC and SOC 2 compliant for the IRS? - Powered by Kayako Help Desk Software

Knowledgebase

(1)Downloads (1034)Tutorials (845)TroubleShooting (24)SQL Language Support (Syntax) (215)QXL Support (513)QODBC (85)QODBC Online (63)QODBC POS (3)QScheduler

Knowledgebase

[QODBC-ALL] Is QODBC SOC and SOC 2 compliant for the IRS?

Posted by Rajendra Dewani (QODBC Support) on 26 August 2025 08:03 AM

Is QODBC SOC and SOC 2 compliant for the IRS?

Problem Description:

Since we’re dealing with a lot of sensitive data, is QODBC SOC 2 compliant for the IRS?

Solution:

A common concern when working with sensitive financial data is whether the software in use complies with recognized security standards such as SOC 2 (often referenced in the context of IRS requirements). Customers often ask if the QODBC Driver is SOC 2 compliant.

This concern arises from the assumption that QODBC transmits or stores QuickBooks company file data outside the local environment. However, this is not the case.

The QODBC Driver does not send QuickBooks company file data to any QODBC server.
All processing occurs locally on the user’s computer where QuickBooks is installed.
The optimizer file, which improves query performance, is stored only in the local directory. Furthermore, this file is encrypted, ensuring that sensitive data cannot be accessed in plain text.

Therefore, the typical risks associated with hosted or cloud-based solutions—such as third-party storage, transmission, or centralized processing - do not apply to QODBC.

SOX Compliance

The Sarbanes-Oxley Act (SOX) is designed to regulate financial practices and corporate governance for publicly traded companies. Since QODBC is not operated by a publicly traded company, SOX compliance is not mandatory.

Reference: SOX Compliance Overview

SOC 2 Compliance

SOC 2 compliance focuses on service providers that store, process, or manage customer data. It evaluates how such providers handle data security, availability, processing integrity, confidentiality, and privacy.

In the case of QODBC:

No customer data is transmitted or stored on QODBC servers.
All data processing is performed locally on the end user’s environment.
The QODBC team does not access, manage, or retain QuickBooks company data in any form.

Because QODBC does not operate as a hosted or managed data-processing service, SOC 2 compliance does not apply to its operations.
Reference: SOC 2 Compliance Explained

QRemote

Please use an encrypted mode of data exchange when using QuickBooks Data remotely.

Please refer to Important Notice About Data Security - QRemote Security, Best Practices, and Recommendations

(0 vote(s))

Helpful

Not helpful

Comments (0)

Post a new comment Reply to comment
Post a new comment Reply to comment

Full Name:
Email:
Comments:

CAPTCHA Verification
CAPTCHA Verification

Please complete the captcha below (we use this to prevent automated submissions).

Help Desk Software by Kayako