What this means in practice
Type II is a stronger form of SOC 2 attestation than Type I. Type I confirms that controls are documented and in place at a single point in time. Type II goes further: an independent auditor tests those controls over a multi-month period and confirms they actually operated as designed.
For our clients, that translates to a clean answer when their procurement, security, or compliance teams ask the hard questions about the firm they are about to bring inside their environment.
Trust Service Criteria covered
- Security. Protection of systems and data against unauthorized access, disclosure, and damage.
- Availability. Systems are available for operation and use as committed.
- Confidentiality. Information designated as confidential is protected accordingly.
Processing Integrity and Privacy are not in the scope of this report. If they are relevant to your engagement, we are happy to discuss the specific controls we operate against them.
Audit period and auditor
The audit period and the name of the auditor are noted in the report cover. We share both, along with the full report, under NDA on request.
Requesting the report
Current and prospective clients are welcome to request the full report. Email soc2 (at) we-shi.com with a brief note about your role and we will arrange access under NDA.
How we maintain the controls
Attestation is the start of the work, not the end. We continue to operate the controls year-round and intend to maintain a Type II audit on an annual basis. The supporting documentation is reviewed regularly and updated as our environment evolves.
Reporting a security concern
If you believe you have found a security issue with anything we operate or anything we have built, please write to soc2 (at) we-shi.com. We respond promptly and in good faith.
Anything else
Detailed posture discussions or unusual requirements go to hello (at) we-shi.com, or you can begin a conversation from the contact page.