Delphi Cloud
Contact Us

SOC 2 Type II Compliance

Independent Verification of Our Operational Excellence and Security Controls

Delphi Cloud has successfully achieved SOC 2 Type II attestation. Developed by the American Institute of CPAs (AICPA), SOC 2 (Service Organization Control 2) is widely recognized as the gold standard for security compliance for SaaS and cloud service providers.

Unlike a simple checklist, SOC 2 reports focus on an organization's internal controls related to information security. Our Type II report specifically validates not just the design of our controls, but their operating effectiveness over a sustained period (typically 6-12 months). This assures our customers that our security measures are consistently followed every single day.

The Trust Services Criteria

Our audit covers the five Trust Services Criteria (TSC) defined by the AICPA, ensuring a holistic approach to data protection:

Security

The system is protected against unauthorized access. Controls include firewalls, intrusion detection, and multi-factor authentication.

Availability

The system is available for operation and use as committed or agreed. Controls include performance monitoring, disaster recovery, and incident handling.

Processing Integrity

System processing is complete, valid, accurate, timely, and authorized. Essential for financial and data processing applications.

Confidentiality

Information designated as confidential is protected. This covers access controls, network encryption, and data classification.

Privacy

Personal information is collected, used, retained, disclosed, and disposed of in conformity with the entity's privacy notice.

The Independent Audit Process

Our SOC 2 Type II audit was conducted by a reputable, independent CPA firm. The process involves:

  1. Scope Definition: Determining which systems and services are covered.
  2. Gap Analysis: Identifying areas for improvement before the official audit period.
  3. Observation Period: The auditor monitors our controls over a 6-12 month period (Type II distinction).
  4. Evidence Collection: Gathering screenshots, logs, and policy documents to prove controls are working.
  5. Final Report: The auditor issues an opinion on whether we have fairly represented our controls and if they were effective.

Requesting the Report

Transparency is key to trust. Current and prospective customers can request a copy of our SOC 2 Type II report to conduct their own vendor risk assessments. Please contact your account manager or our compliance team to request access under a Non-Disclosure Agreement (NDA).