Xano Documentation

SOC 2 Type 2

System and Organization Controls
SOC 2 assesses service organizations’ security, availability, processing integrity, confidentiality, and privacy controls against the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria), in accordance with SSAE 18.

Xano has completed a comprehensive SOC 2 Type 2 audit

To summarize, The SOC 2 report is an internal control report capturing how a company safeguards customer data and how well those controls are operating. Xano went through a detailed audit with a reputable AICPA auditor and the attestation can be found below.


What are SOC 2 & SOC 3 reports used for?

SOC 2 & SOC 3 reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.
The Security principle gives a customer reasonable assurance that their data is safe and secure, and demonstrates that systems are protected against unauthorized access (both physical and logical).
These reports can play an important role in:
  • Organizational oversight
  • Regulatory oversight
  • Vendor management programs
  • Internal corporate governance and risk management processes