ABV maintains an active SOC 2 Type II certification, demonstrating that our security, availability, and confidentiality controls have been independently audited and verified to operate effectively over time. This is a real certification, not just alignment or best practices.
What is SOC 2 Type II?
SOC 2 (System and Organization Controls 2) is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA) for service organizations that store or process customer data.SOC 2 Type II examines both the design and operating effectiveness of security controls over a minimum 6-month audit period, providing evidence that controls work consistently over time.
- Security (mandatory): Protection against unauthorized access, both physical and logical
- Availability: System uptime and operational performance
- Processing Integrity: Complete, valid, accurate, timely, and authorized processing
- Confidentiality: Protection of confidential information
- Privacy: Collection, use, retention, and disposal of personal information
SOC 2 Type II vs Type I
The key difference between Type I and Type II audits:- Type I: Evaluates security controls at a single point in time
- Type II: Evaluates controls over a 6-12 month period, testing that they operate effectively throughout
ABV’s SOC 2 Type II Certification Status
Certification Details:
- Standard: SOC 2 Type II (not Type I)
- Trust Service Criteria: Security, Availability, and Confidentiality
- Audit Period: Minimum 6 months of continuous operation testing
- Auditor: Independent third-party CPA firm
- Renewal: Annual audit with continuous monitoring
- Availability: Report available to Pro and Enterprise customers under NDA
ABV’s SOC 2 Type II Controls
Our SOC 2 Type II audit validates controls across multiple domains:Security Controls
- Access Control: Multi-factor authentication, role-based access, principle of least privilege
- Encryption: TLS 1.2+ in transit, AES-256 at rest Learn more
- Network Security: Firewalls, intrusion detection, DDoS protection
- Vulnerability Management: Continuous scanning, annual penetration tests Learn more
- Incident Response: 24/7 monitoring, defined escalation procedures Learn more
Availability Controls
- High Availability Architecture: Multi-AZ deployment in AWS with automatic failover
- Backup and Recovery: Automated encrypted backups with cross-region replication
- Monitoring: Real-time system health monitoring with alerting
- Capacity Management: Resource planning and scalability testing
- Status Transparency: Public status page at status.abv.dev
- Regional Flexibility: Custom deployments available in most AWS regions for specific compliance needs
Confidentiality Controls
- Data Segregation: Customer data isolated using logical controls
- Secure Development: Security-focused SDLC with code review and testing
- Personnel Security: Background checks, security training, NDA requirements
- Secure Disposal: Cryptographic erasure and secure deletion procedures
- Vendor Management: Third-party security assessments and contractual requirements
What ABV’s SOC 2 Certification Means
What It Confirms
- Independent Verification: A third-party auditor has tested our controls over 6+ months
- Operational Effectiveness: Controls don’t just exist on paper - they work in practice
- Continuous Compliance: Not a point-in-time assessment, but sustained operation
- Risk Reduction: Reduced security risk for customers using ABV’s platform
- Due Diligence Support: Satisfies most vendor security assessment requirements
What It Doesn’t Mean
SOC 2 for Your Procurement Process
SOC 2 Type II certification is often required for:- Enterprise Procurement: Many organizations require vendors to have SOC 2 Type II before contract approval
- Security Questionnaires: SOC 2 demonstrates compliance with common security questionnaire requirements
- Risk Assessments: Independent audit evidence for third-party risk management programs
- Regulatory Compliance: SOC 2 controls align with GDPR, HIPAA, and other regulatory frameworks
- Insurance Requirements: Cyber insurance policies often require service providers to maintain SOC 2
Government and Public Sector
For Swedish government customers and EU public sector organizations, SOC 2 Type II:- Provides independent validation from a recognized US auditing standard
- Demonstrates security maturity and operational excellence
- Complements EU-specific certifications like ISO 27001 and NIS2 alignment
- Supports procurement evaluation criteria for cloud and SaaS vendors
Accessing Our SOC 2 Report
SOC 2 Type II reports contain confidential information about ABV’s security controls and are shared under NDA. Customers on Pro and Enterprise plans can request access to our SOC 2 Type II report.How to Request
- Email security@abv.dev from your company email
- Include:
- Your organization name and ABV account details
- Purpose of the request (procurement, vendor assessment, audit, etc.)
- Who will review the report (security team, auditors, procurement, etc.)
- Sign NDA: We’ll provide a mutual NDA for SOC 2 report sharing
- Receive Report: Once NDA is executed, we’ll share the full SOC 2 Type II report
Our SOC 2 Type II report is updated annually. Contact us for the most recent audit period covered by our current certification.
Complementary Certifications
SOC 2 Type II is one part of ABV’s comprehensive compliance program:- ISO 27001: International information security management standard Learn more
- ISO 42001: AI management system certification Learn more
- Annual Penetration Testing: Independent security assessments Learn more
- GDPR Compliance: Full data protection program for EU customers Learn more
Related Topics
ISO 27001 (Security)
See our international security certification
Penetration Testing
Learn about our security testing program
Encryption
Explore our encryption standards
Security Overview
View our complete security program