Try for free Book a demo

SOC 2

Last Updated – 28th Oct 2023

Document360 Limited System and Organization Controls (SOC) Reports are the result of independent third-party audits that examine how Document360 Limited achieves key security controls and objectives. The Document360 Limited SOC 2 Security Type II report will help you and your auditors understand the Document360 Limited controls established to support data security, availability, confidentiality, processing integrity, and more.

What is SOC2?

SOC 2 is an auditing procedure designed to ensure that service providers securely manage data to protect the interests of your organization and the privacy of its clients. Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “Trust Service Principles”

  • Security: the system is protected against unauthorized access, both physical and logical
  • Availability: the system is available for operation and use as committed or agreed
  • Processing integrity: system processing is complete, accurate, timely, and authorized.
  • Confidentiality: information designated as confidential is protected as committed or agreed
  • Privacy: personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with the criteria set forth in Generally Accepted Privacy Principles

A SOC 2 report comes in two formats:

  • Type I: measures policies and procedures that are in place at a specific moment in time
  • Type II: measures the effectiveness of policies and procedures as operated over a specified time period, with a minimum of six months

What is the Document360 Limited SOC 2 report?

Document360 Limited has a SOC 2 Type II report for Document360 Limited. The report describes Document360 Limited’s security controls and examines the suitability and effectiveness of those controls to meet the AICPA Trust Service Principles. It provides an independent assessment of how well Document360 Limited manages data with respect to security, availability, confidentiality, and processing integrity.

Which Document360 Limited services are in the scope for the SOC 2 Type II report?

The scope of the SOC 2 Type II report includes Kovai Systems India Private Limited and Document360 Limited. Any products or features that are in beta, preview, or similar are not in scope.

What was the testing period for the most recent report and how often are Document360 Limited SOC2 audits performed?

The Document360 Limited SOC 2 Type II report covers the period from Nov 1, 2022 to Oct 31, 2023. New reports are released annually.

Is an NDA required to receive Document360 Limited SOC reports?

Yes, an NDA is required to review the Document360 Limited SOC 2 Type II report. Please write to us at support@document360.com to begin the process.