SOC 2 Compliance
MeasureLLM's SOC 2 Type II certification and security controls
Overview
MeasureLLM is SOC 2 Type II certified, demonstrating our commitment to maintaining the highest standards of security, availability, and confidentiality. This certification is independently audited and renewed annually.
SOC 2 Type II Certified
Independently audited by [Audit Firm]
Our most recent audit was completed in [Month Year], covering the trust service criteria of Security, Availability, and Confidentiality.
What is SOC 2?
SOC 2 (System and Organization Controls 2) is a security framework developed by the American Institute of CPAs (AICPA). It defines criteria for managing customer data based on five "trust service principles":
- Security: Protection against unauthorized access
- Availability: System availability for operation
- Processing Integrity: Accurate and complete data processing
- Confidentiality: Protection of confidential information
- Privacy: Proper handling of personal information
Type II vs Type I
MeasureLLM holds a Type II certification, which is more rigorous than Type I:
- Type I: Evaluates controls at a single point in time
- Type II: Evaluates controls over a period of time (typically 12 months)
Type II certification demonstrates that our controls are not just designed well but are operating effectively over time.
Trust Service Criteria
Security
Our security controls protect the system against unauthorized access:
- Multi-factor authentication (MFA)
- Role-based access control (RBAC)
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Network segmentation and firewalls
- Intrusion detection and monitoring
- Security incident response procedures
Availability
Our availability controls ensure the system is accessible when needed:
- 99.9% uptime SLA
- Multi-region redundancy
- Automated failover
- Regular backups with tested recovery
- Disaster recovery plan
- 24/7 system monitoring
Confidentiality
Our confidentiality controls protect sensitive information:
- Data classification policies
- Access logging and auditing
- Employee confidentiality agreements
- Secure data disposal procedures
- Vendor security assessments
Our Controls
Access Management
- Unique user identification
- Strong password policies
- Multi-factor authentication
- Regular access reviews
- Prompt access revocation
Change Management
- Formal change request process
- Code review requirements
- Testing before deployment
- Rollback procedures
- Change documentation
Incident Management
- 24/7 monitoring and alerting
- Documented incident response plan
- Escalation procedures
- Post-incident reviews
- Customer notification procedures
Risk Management
- Annual risk assessments
- Vulnerability scanning
- Penetration testing
- Third-party security assessments
- Risk treatment tracking
[Diagram: Security Controls Framework, showing the relationship between our security controls]
Requesting Our SOC 2 Report
Enterprise customers and prospects can request our SOC 2 Type II report:
- Contact our sales or security team
- Sign our standard NDA
- Receive the full audit report
The report includes details about our controls and the auditor's findings.
Request SOC 2 Report
Contact [email protected] with your company name and reason for the request.
Continuous Compliance
We maintain our SOC 2 compliance through:
- Annual audits: Independent verification every year
- Continuous monitoring: Automated control testing
- Regular training: Security awareness for all employees
- Policy reviews: Quarterly policy and procedure updates
- Vendor management: Regular assessment of third parties
Additional Certifications
| Certification | Status | Scope |
|---|---|---|
| SOC 2 Type II | Certified | Security, Availability, Confidentiality |
| GDPR | Compliant | All personal data processing |
| CCPA | Compliant | California user data |
| ISO 27001 | Q3 2025 | Information security management |
Questions? Contact our security team at [email protected] for more information about our security practices and compliance certifications.