SOC 2 Type II

This page summarizes our security posture for customers and prospects. It is not a substitute for an auditor's report. Specific control objectives, test periods, and exceptions appear only in an official SOC 2 report shared under NDA.

What SOC 2 Type II means

SOC 2 is an attestation framework issued by the AICPA. A Type II report describes how a service organization designed and operated controls over a period of time, evaluated against the Trust Services Criteria (security is required; availability, processing integrity, confidentiality, and privacy are optional categories).

Our commitment

Justransform designs, implements, and operates technical and organizational controls intended to meet the expectations of security-conscious enterprises: logical access, change management, monitoring, incident response, vendor management, and resilient cloud operations. We engage qualified assessors on a cadence appropriate to our customer base and regulatory context.

Obtaining the report

Customers and prospects under active evaluation may request our latest SOC 2 Type II report under a standard non-disclosure agreement. Use Request access and note "SOC 2 report" in your message so we route you to the right team.

Related resources

• Privacy Policy — how we handle personal data.
• HIPAA readiness — for healthcare-adjacent workloads.