Compliance Frameworks & Certifications

Transparent, audited, and continuously monitored. CyberVault adheres to globally recognized security standards to ensure your data remains protected, private, and accessible only to authorized personnel.

SOC 2 Type II | ISO 27001:2022 | GDPR Compliant | HIPAA Ready | FedRAMP Moderate

Supported Frameworks

Certified

SOC 2 Type II

Valid Until: Mar 2026 | Auditor: Deloitte | Scope: Full Platform | Frequency: Annual

Independent audit evaluating our controls against AICPA Trust Services Criteria. Covers security, availability, processing integrity, confidentiality, and privacy.

Certified

ISO/IEC 27001:2022

Valid Until: Nov 2026 | Auditor: BSI Group | Scope: ISMS | Frequency: Annual/Surveillance

Internationally recognized standard for Information Security Management Systems. Validates our risk management framework, control implementation, and continuous improvement processes.

Validated

GDPR & Data Privacy

DPO: Appointed | Review: Quarterly | Scope: EEA Data | Frequency: Continuous

Full compliance with EU General Data Protection Regulation. Includes data mapping, DPIA templates, lawful processing basis documentation, and data subject request workflows.

πŸ₯
Certified

HIPAA Compliance

πŸ“… Valid Until: Jun 2026 🏒 Auditor: TrustArc πŸ“Š Scope: PHI Processing πŸ” Frequency: Annual

Designed for healthcare organizations requiring secure handling of Protected Health Information. Includes BAA execution, access logging, encryption at rest/in-transit, and breach notification protocols.

Framework Deep Dive: SOC 2 & ISO 27001

πŸ›‘οΈ SOC 2 Trust Services Criteria

Our Type II audit evaluates operational effectiveness over a 12-month period. Below are the criteria assessed and their validation status:

  • Security (Common Criteria, CC1.x–CC9.x): Fully Validated
  • Availability (A1.x): Fully Validated
  • Processing Integrity (PI1.x): Fully Validated
  • Confidentiality (C1.x): Fully Validated
  • Privacy (P1.x–P8.x): Partially In Scope

Audit Period: April 1, 2024 – March 31, 2025

Opinion: Unqualified (Clean)

Findings: 0 Exceptions, 2 Recommendations (Implemented)

πŸ” ISO 27001 ISMS Structure

Our Information Security Management System is built on risk-based planning, continuous monitoring, and management review cycles aligned with Annex A controls.

  • Risk Assessment & Treatment: Automated
  • Asset Management: CMDB Integrated
  • Access Control (A.5.15–A.5.18, A.8.2–A.8.5): Enforced (Zero Trust)
  • Technological Controls, incl. Logging & Monitoring (A.8.15–A.8.16): Automated Monitoring
  • Information Security Incident Management (A.5.24–A.5.28): SOAR Integrated

Certification Body: BSI Group GmbH

Management Review: Quarterly

Internal Audit: Bi-Annual

Compliance Implementation Lifecycle

We don't just pass audits; we embed compliance into our engineering culture through continuous automation and governance.

1. Assessment & Gap Analysis: baseline evaluation against target frameworks using automated policy scanning and manual expert review.

2. Control Implementation: deploy technical, administrative, and physical controls. Integrate CI/CD guardrails and IaC compliance checks.

3. Third-Party Audit: independent auditors test control design and operational effectiveness. Evidence is submitted via secure portal.

4. Continuous Monitoring: automated drift detection, policy enforcement, and real-time dashboarding ensure post-certification compliance.
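Steps 2 and 4 above refer to IaC compliance checks and automated drift detection without showing what such a check looks like. The following is an added illustration written for this page, not CyberVault's own tooling: a small policy-as-code evaluator that tests an inventory of cloud resources against a few technical controls, tags each failure with an illustrative SOC 2 / ISO 27001:2022 reference, and reports regressions relative to an approved baseline. The resource records, control IDs (ENC-01, NET-02, ...) and framework mappings are constructed for the example and are not taken from the page.

```python
"""Added example, not CyberVault's code: policy checks plus drift detection
over a constructed cloud resource inventory. Control IDs and framework
mappings are illustrative assumptions, not the page's control catalogue."""
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Control:
    control_id: str                  # hypothetical internal control ID
    title: str
    mappings: tuple                  # illustrative framework references
    applies_to: str                  # resource type the check covers
    check: Callable[[dict], bool]    # returns True when the resource passes


# Four common technical controls an IaC/CSPM check would enforce.
CONTROLS = [
    Control("ENC-01", "Object storage encrypted at rest",
            ("SOC 2 CC6.1", "ISO 27001:2022 A.8.24"), "s3_bucket",
            lambda r: r.get("encryption") in ("AES256", "aws:kms")),
    Control("NET-02", "Object storage not publicly accessible",
            ("SOC 2 CC6.6", "ISO 27001:2022 A.8.3"), "s3_bucket",
            lambda r: r.get("block_public_access") is True),
    Control("LOG-03", "Access logging enabled",
            ("SOC 2 CC7.2", "ISO 27001:2022 A.8.15"), "s3_bucket",
            lambda r: bool(r.get("access_logging_target"))),
    Control("IAM-04", "Console users require MFA",
            ("SOC 2 CC6.1", "ISO 27001:2022 A.8.5"), "iam_user",
            lambda r: (not r.get("console_access")) or r.get("mfa_enabled") is True),
]


def evaluate(inventory: list[dict]) -> list[dict]:
    """Return one finding per (resource, control) pair that fails."""
    findings = []
    for resource in inventory:
        for control in CONTROLS:
            if control.applies_to != resource["type"]:
                continue
            if not control.check(resource):
                findings.append({
                    "resource": resource["id"],
                    "control": control.control_id,
                    "title": control.title,
                    "mappings": control.mappings,
                })
    return findings


def detect_drift(baseline: list[dict], latest: list[dict]) -> dict:
    """Compare the latest snapshot with the approved baseline.

    'new'      -> regressions that should open a ticket and escalate
    'resolved' -> findings present in the baseline but fixed since
    'open'     -> every currently failing control, with its mapping
    """
    key = lambda f: (f["resource"], f["control"])
    base_keys = {key(f) for f in evaluate(baseline)}
    open_findings = evaluate(latest)
    latest_keys = {key(f) for f in open_findings}
    return {
        "new": sorted(latest_keys - base_keys),
        "resolved": sorted(base_keys - latest_keys),
        "open": open_findings,
    }


# Constructed sample data: the audited baseline and a later snapshot in which
# bucket access logging was switched off and a new user was created without MFA.
BASELINE = [
    {"type": "s3_bucket", "id": "phi-exports", "encryption": "aws:kms",
     "block_public_access": True, "access_logging_target": "audit-logs"},
    {"type": "iam_user", "id": "alice", "console_access": True, "mfa_enabled": True},
]
LATEST = [
    {"type": "s3_bucket", "id": "phi-exports", "encryption": "aws:kms",
     "block_public_access": True, "access_logging_target": None},
    {"type": "iam_user", "id": "alice", "console_access": True, "mfa_enabled": True},
    {"type": "iam_user", "id": "bob", "console_access": True, "mfa_enabled": False},
]

if __name__ == "__main__":
    report = detect_drift(BASELINE, LATEST)
    for resource_id, control_id in report["new"]:
        print(f"DRIFT {resource_id}: {control_id} regressed since baseline")
    for f in report["open"]:
        print(f"OPEN  {f['resource']}: {f['control']} {f['title']} {f['mappings']}")
```

Run as a pipeline step against a plan or inventory export, a non-empty `new` list is the condition that should fail the build (step 2) or open the remediation ticket and escalation described under continuous monitoring (step 4); the `mappings` field is what lets the same finding feed both the SOC 2 and ISO 27001 evidence trails.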

Audit Documentation & Access

Restricted compliance documents are available to verified customers and partners. Request access through your account portal or contact our compliance team.

Document Name | Framework | Version | Last Updated | Access
SOC 2 Type II Summary Report | SOC 2 | v3.1 | Apr 15, 2025 | Request Access
ISO 27001 Certificate of Registration | ISO 27001 | v2.0 | Nov 02, 2024 | Public Download
Data Processing Addendum (DPA) | GDPR/CCPA | v4.2 | Feb 20, 2025 | View Template
Business Associate Agreement (BAA) | HIPAA | v2.5 | Jan 10, 2025 | Request via Portal
Vendor Security Questionnaire (VSQ) | Multi | v5.0 | Mar 01, 2025 | Public Download

Frequently Asked Questions

How often do you undergo SOC 2 and ISO audits?
SOC 2 Type II audits are conducted annually over a 12-month observation period. ISO 27001 requires initial certification followed by annual surveillance audits and a full recertification every three years. Internal audits are run bi-annually by our GRC team.
Can I access the full unredacted SOC 2 report?
Yes. After executing a non-disclosure agreement (NDA) through our secure portal, your compliance or procurement team will receive the complete auditor report within 1 business day. Summary reports are publicly available without NDA.
How does CyberVault handle data residency and sovereignty?
We support regional data isolation across AWS us-east-1, eu-central-1, and ap-southeast-1. Customer data is never commingled across regions, and when you select that option, encryption keys are customer-managed in AWS KMS or Azure Key Vault. Full data residency mapping is provided upon request.
What happens if a control failure is detected post-certification?
Our automated compliance monitoring system detects control drift in real time. Failures trigger immediate remediation workflows, ticket creation in Jira Service Management, and escalation to the CISO within 4 hours. All incidents are documented and reported in quarterly compliance reviews.
Do you support third-party risk assessments from our auditors?
Absolutely. We cooperate fully with customer-initiated third-party audits. Our GRC portal allows auditors to view control mappings, evidence samples, and penetration test results. Standard response time for audit requests is 48 hours.

Need Compliance Documentation for Your Audit?

Our GRC team is ready to assist with vendor assessments, security reviews, and custom compliance reporting. Get direct access to our compliance portal or schedule a walkthrough.