# SOC 2 Type II Service Organization Controls

## Our Path to SOC 2

SOC 2 Type II is the gold standard for demonstrating that a SaaS provider manages customer data securely. It evaluates security, availability, processing integrity, confidentiality, and privacy controls over a sustained period.

Sistava is actively building toward SOC 2 Type II certification. Our infrastructure and processes are designed from day one with SOC 2 trust service criteria in mind. We plan to engage an independent auditor as we scale into our enterprise phase.

## Controls Already in Place

While we have not yet completed a formal audit, we already implement the core controls SOC 2 requires: encrypted data at rest and in transit, role-based access control, audit logging, vulnerability management, incident response procedures, and change management processes.

Our multi-tenant architecture enforces strict isolation between customer environments at every layer. Access to production systems is restricted to authorized personnel with multi-factor authentication.

## Timeline

We are targeting SOC 2 Type II certification as part of our enterprise readiness roadmap. We will publish our certification status on this page as soon as the audit is complete.

In the meantime, we are happy to share details of our security posture with prospective customers upon request.

## What this means for customers

- Infrastructure designed with SOC 2 trust criteria from day one
- Encryption, access control, and audit logging already in place
- Formal certification planned as part of enterprise readiness
- Security posture details available on request