ABV maintains an active SOC 2 Type II certification, demonstrating that our security, availability, and confidentiality controls have been independently audited and verified to operate effectively over time. This is a real certification, not just alignment or best practices.
What is SOC 2 Type II?
SOC 2 (System and Organization Controls 2) is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA) for service organizations that store or process customer data. SOC 2 Type II examines both the design and operating effectiveness of security controls over a minimum 6-month audit period, providing evidence that controls work consistently over time.
- Security (mandatory): Protection against unauthorized access, both physical and logical
- Availability: System uptime and operational performance
- Processing Integrity: Complete, valid, accurate, timely, and authorized processing
- Confidentiality: Protection of confidential information
- Privacy: Collection, use, retention, and disposal of personal information
SOC 2 Type II vs Type I
The key difference between Type I and Type II audits:
- Type I: Evaluates security controls at a single point in time
- Type II: Evaluates controls over a 6-12 month period, testing that they operate effectively throughout
ABV’s SOC 2 Type II Certification Status
Certification Details:
- Standard: SOC 2 Type II (not Type I)
- Trust Service Criteria: Security, Availability, and Confidentiality
- Audit Period: Minimum 6 months of continuous operation testing
- Auditor: Independent third-party CPA firm
- Renewal: Annual audit with continuous monitoring
- Availability: Report available to Pro and Enterprise customers under NDA
ABV’s SOC 2 Type II Controls
Our SOC 2 Type II audit validates controls across multiple domains:
Security Controls
- Access Control: Multi-factor authentication, role-based access, principle of least privilege
- Encryption: TLS 1.2+ in transit, AES-256 at rest
- Network Security: Firewalls, intrusion detection, DDoS protection
- Vulnerability Management: Continuous scanning, annual penetration tests
- Incident Response: 24/7 monitoring, defined escalation procedures
Availability Controls
- High Availability Architecture: Multi-AZ deployment in AWS with automatic failover
- Backup and Recovery: Automated encrypted backups with cross-region replication
- Monitoring: Real-time system health monitoring with alerting
- Capacity Management: Resource planning and scalability testing
- Status Transparency: Public status page at status.abv.dev
- Regional Flexibility: Custom deployments available in most AWS regions for specific compliance needs
Confidentiality Controls
- Data Segregation: Customer data isolated using logical controls
- Secure Development: Security-focused SDLC with code review and testing
- Personnel Security: Background checks, security training, NDA requirements
- Secure Disposal: Cryptographic erasure and secure deletion procedures
- Vendor Management: Third-party security assessments and contractual requirements
What ABV’s SOC 2 Certification Means
What It Confirms
- Independent Verification: A third-party auditor has tested our controls over 6+ months
- Operational Effectiveness: Controls don’t just exist on paper - they work in practice
- Continuous Compliance: Not a point-in-time assessment, but sustained operation
- Risk Reduction: Reduced security risk for customers using ABV’s platform
- Due Diligence Support: Satisfies most vendor security assessment requirements
What It Doesn’t Mean
SOC 2 for Your Procurement Process
SOC 2 Type II certification is often required for:
- Enterprise Procurement: Many organizations require vendors to have SOC 2 Type II before contract approval
- Security Questionnaires: SOC 2 demonstrates compliance with common security questionnaire requirements
- Risk Assessments: Independent audit evidence for third-party risk management programs
- Regulatory Compliance: SOC 2 controls align with GDPR, HIPAA, and other regulatory frameworks
- Insurance Requirements: Cyber insurance policies often require service providers to maintain SOC 2
Government and Public Sector
For Swedish government customers and EU public sector organizations, SOC 2 Type II:
- Provides independent validation from a recognized US auditing standard
- Demonstrates security maturity and operational excellence
- Complements EU-specific certifications like ISO 27001 and NIS2 alignment
- Supports procurement evaluation criteria for cloud and SaaS vendors
Accessing Our SOC 2 Report
SOC 2 Type II reports contain confidential information about ABV’s security controls and are shared under NDA. Customers on Pro and Enterprise plans can request access to our SOC 2 Type II report.
How to Request
- Email [email protected] from your company email
- Include:
  - Your organization name and ABV account details
  - Purpose of the request (procurement, vendor assessment, audit, etc.)
  - Who will review the report (security team, auditors, procurement, etc.)
- Sign NDA: We’ll provide a mutual NDA for SOC 2 report sharing
- Receive Report: Once NDA is executed, we’ll share the full SOC 2 Type II report
Our SOC 2 Type II report is updated annually. Contact us for the most recent audit period covered by our current certification.
Complementary Certifications
SOC 2 Type II is one part of ABV’s comprehensive compliance program:
- ISO 27001: International information security management standard
- ISO 42001: AI management system certification
- Annual Penetration Testing: Independent security assessments
- GDPR Compliance: Full data protection program for EU customers