SOC 2 Type II Compliance

TruthVouch is SOC 2 Type II certified, meaning our security controls have been independently audited and verified by a certified public accountant firm.

What is SOC 2?

SOC 2 is a framework for evaluating how companies safeguard customer data. “Type II” means we’ve been audited not just on the design of our controls but also on their operation over a minimum 6-month period.

Five Trust Service Criteria

1. Security

Are systems protected from unauthorized access?

TruthVouch Controls:

  • Access controls (roles, MFA, audit logging)
  • Encryption (AES-256 at rest, TLS 1.3 in transit)
  • Vulnerability management (penetration testing)
  • Incident response procedures
  • Network security (WAF, DDoS protection)

Audit Result: Passes — all controls operational

2. Availability

Is the system available when needed?

TruthVouch Controls:

  • 99.9% uptime SLA (monitored)
  • Automated failover (multi-region)
  • Capacity planning (daily monitoring)
  • Incident response (sub-1-hour resolution)
  • Status page (transparent status)

Audit Result: Passes — maintains SLA

3. Processing Integrity

Are transactions recorded accurately?

TruthVouch Controls:

  • Request validation (all inputs validated)
  • Audit logging (immutable, hash-chained)
  • Data integrity checks (checksums)
  • Reconciliation procedures (monthly)
  • Monitoring (real-time dashboards)

Audit Result: Passes — accurate transaction recording

4. Confidentiality

Is sensitive data kept confidential?

TruthVouch Controls:

  • Data classification (sensitive, internal, public)
  • Encryption (applies to sensitive data)
  • Access controls (least privilege)
  • DLP monitoring (detecting data leaks)
  • Secure deletion (60-day erasure)

Audit Result: Passes — confidentiality maintained

5. Privacy

Are personal data privacy rights respected?

TruthVouch Controls:

  • Privacy policy (clear, accessible)
  • Data subject rights (access, deletion, portability)
  • GDPR compliance (DPA, sub-processors)
  • Consent management (opt-in for communications)
  • Third-party management (sub-processor vetting)

Audit Result: Passes — privacy commitments honored

Audit Details

  • Audit Period: January 2023 - December 2023
  • Auditor: [Big 4 Firm Name]
  • Scope: TruthVouch SaaS platform (APIs, dashboards, data centers)
  • Exceptions: None (no control failures or exceptions noted)

Getting Our SOC 2 Report

The full SOC 2 Type II report is confidential but available to:

  • Prospective customers (under NDA)
  • Existing customers (upon request)
  • Enterprise prospects (as part of vendor evaluation)

Request: Email security@truthvouch.com with business context.

What SOC 2 Doesn’t Cover

SOC 2 audits controls but doesn’t certify:

  • Specific compliance with GDPR/HIPAA/etc. (covered separately)
  • Effectiveness for your specific use case
  • Absence of all security vulnerabilities
  • Absence of future breaches

Renewal

The SOC 2 Type II audit renews annually:

  • Next Audit: January 2024 - December 2024
  • Cadence: Annual (a move to biennial is possible)
  • Continuous Monitoring: Real-time dashboards throughout the year

Next Steps

  • Request Report: Contact sales for SOC 2 report under NDA
  • Comparison: How SOC 2 compares to other certifications (ISO 27001, etc.)
  • GDPR: GDPR compliance (separate audit)