AICPA SOC 2 Type II

LLM API Gateway
SOC 2 Certified

SOC 2 Type II certification demonstrating security, availability, processing integrity, confidentiality, and privacy controls for your LLM workloads.

SOC 2 Trust Principles

Comprehensive coverage across all five trust service criteria

Security: Protection against unauthorized access, damage, and data breaches.
Availability: System accessibility and operation as committed or agreed.
Processing Integrity: Accurate, complete, and timely processing of data.
Confidentiality: Protection of confidential information as committed.
Privacy: Personal information handling in accordance with policy.

Key Controls

Verified controls protecting your LLM operations

Control Area | Description | Status
Access Control | Multi-factor authentication and RBAC implementation | Verified
Encryption | AES-256 at rest, TLS 1.3 in transit | Verified
Network Security | Firewalls, VPNs, and network segmentation | Verified
Monitoring | 24/7 security monitoring and alerting | Verified
Incident Response | Documented IR procedures with <1hr response | Verified
Change Management | Controlled deployment with approval workflows | Verified
Backup & Recovery | Daily backups with tested recovery procedures | Verified

Audit Process

Independent third-party verification

1. Scope Definition: Define systems, locations, and trust criteria to be audited.
2. Control Testing: Independent auditor tests control design and operating effectiveness.
3. Evidence Collection: Gather documentation, logs, and artifacts supporting controls.
4. Report Generation: Comprehensive SOC 2 Type II report with auditor opinion.
5. Continuous Monitoring: Ongoing compliance with annual re-certification audits.