SOC 2 Type 2 & SOC 3
System and Organization Controls
Last updated
SOC 2 assesses service organizations’ security, availability, processing integrity, confidentiality, and privacy controls against the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria), in accordance with SSAE 18.
To summarize, the SOC 2 report is an internal control report capturing how a company safeguards customer data and how well those controls are operating. Xano went through a detailed audit with a reputable AICPA auditor, and the attestation can be found below.
A SOC 2 Type 2 report is a type of Service Organization Control (SOC) report that provides an independent auditor's opinion on the effectiveness of a service organization's controls related to security, availability, processing integrity, confidentiality, and privacy over a specified period of time.
Unlike a SOC 2 Type 1 report, which provides a point-in-time snapshot of a service organization's controls, a SOC 2 Type 2 report covers a longer period of time, in our case three months. This allows the auditor to evaluate the effectiveness of the service organization's controls over a period of time and determine whether the controls were consistently applied and effective throughout that time period.
The SOC 2 Type 2 report is based on the Trust Services Criteria (TSC) established by the American Institute of Certified Public Accountants (AICPA). The TSC define criteria for evaluating the effectiveness of controls related to security, availability, processing integrity, confidentiality, and privacy.
The SOC 2 Type 2 report includes a description of the service organization's systems and the controls in place to protect the systems and data. The report also includes the auditor's opinion on the effectiveness of those controls and identifies any exceptions or deficiencies in the controls identified during the audit.
A SOC 3 report is a type of Service Organization Control (SOC) report that provides an overview of a service organization's controls related to security, availability, processing integrity, confidentiality, and privacy. SOC 3 reports are designed to be more broadly distributed than SOC 2 reports.
The SOC 3 report is based on the same framework as the SOC 2 report, which is the Trust Services Criteria (TSC) established by the American Institute of Certified Public Accountants (AICPA). The TSC define criteria for evaluating the effectiveness of controls related to security, availability, processing integrity, confidentiality, and privacy. The SOC 3 report provides a high-level overview of the controls of Xano (the service organization).
SOC 3 reports are intended to provide assurance to users of Xano's systems and data, as well as to other stakeholders such as regulators, investors, and business partners.
Because of the security-sensitive nature of our SOC 2 Type 2 report, we have decided to limit its distribution, based on careful consideration of our goals, risks, and regulatory obligations, as well as the expectations of our stakeholders. That is why we limit the distribution of our SOC 3 report to legitimate enterprise inquiries only.