Audit Period

Jan 1, 2024 – Dec 31, 2024

Report Version

v4.2 (Q1 2025 Release)

Independent Auditor

SecureAudit Partners LLP

Overall Opinion

✓ Unqualified (No Exceptions)

Trust Services Criteria

Our SOC 2 Type II audit evaluates the design and operating effectiveness of controls across the five AICPA Trust Services Criteria. CyberVault achieved passing status across all in-scope principles.

🛡 Security

System is safeguarded against unauthorized access, threats, and breaches through encryption, MFA, network segmentation, and continuous monitoring.

⚙️ Availability

System is available for operation and use as committed, backed by 99.99% SLA, geo-redundant infrastructure, and automated failover.

📋 Processing Integrity

System processing is complete, accurate, timely, and authorized through automated validation and data integrity checks.

🔒 Confidentiality

Confidential information is protected as committed via role-based access, data classification, and strict NDA enforcement.

✉️ Privacy

Personal information is collected, used, retained, disclosed, and disposed of in conformity with privacy commitments and GDPR/CCPA.

Scope & Key Controls

The audit scope encompasses CyberVault's SaaS platform, SOC infrastructure, client data processing pipelines, and third-party integrations. Key controls tested include:

| Control Domain | Description | Audit Result |
|---|---|---|
| Access Management | Enforced MFA, least-privilege RBAC, and automated offboarding workflows | ✓ Pass |
| Data Encryption | AES-256 at rest, TLS 1.3 in transit, customer-managed keys (KMS) | ✓ Pass |
| Change Management | Peer-reviewed deployments, staging validation, and rollback procedures | ✓ Pass |
| Incident Response | 24/7 SOC monitoring, documented playbooks, quarterly tabletop exercises | ✓ Pass |
| Vendor Risk | Third-party security assessments, contractual SLAs, and continuous monitoring | ℹ️ Note |
| Disaster Recovery | Geo-redundant backups, RTO < 1hr, RPO < 5min, annual failover testing | ✓ Pass |

Request Report Access

Secure Document Portal

SOC 2 reports contain sensitive audit details. Please complete the form below. Our compliance team will deliver the PDF within 24 hours, subject to NDA verification.

🔒 All submissions are encrypted and processed in compliance with our privacy policy.

Frequently Asked Questions

What is a SOC 2 Type II report?
A SOC 2 Type II report is an independent audit conducted by a certified CPA firm that evaluates whether an organization's controls are not only properly designed but also operating effectively over a period of time (typically 6-12 months).
Why is it gated behind a form?
SOC 2 reports contain detailed information about our infrastructure, controls, and test methodologies. To protect client data and prevent misuse, we require basic verification and NDA acknowledgment before sharing.
How often is the report updated?
We undergo a full Type II audit annually. Interim reviews may be conducted mid-cycle. The latest version is always available here upon request.
What if I need a custom compliance questionnaire?
Our compliance team maintains up-to-date responses for SIG, Vanta, Drata, and CAIQ. Contact us at compliance@cybervault.io for custom submissions.