Today we’re pleased to announce that VectorAutomate has achieved SOC 2 Type II certification. This is a milestone for our company and, more importantly, a signal to our enterprise customers that we take data security as seriously as they do.
What Is SOC 2 Type II?
SOC 2 (System and Organization Controls 2) is an auditing framework developed by the American Institute of Certified Public Accountants (AICPA). It evaluates an organization’s controls related to security, availability, processing integrity, confidentiality, and privacy.
The key distinction between Type I and Type II is time. A Type I report evaluates whether controls are properly designed at a single point in time. A Type II report evaluates whether those controls were operating effectively over a sustained period — in our case, twelve months.
In other words, SOC 2 Type II doesn’t just confirm that we have security policies. It confirms that we actually follow them, consistently, over time.
What We Were Audited On
Our audit covered five trust service criteria:
Security — Protection against unauthorized access. This includes network security, access controls, encryption, vulnerability management, and incident response.
Availability — System uptime and reliability. We maintained 99.95% uptime during the audit period, with all incidents properly documented and resolved within SLA.
Processing Integrity — Accuracy and completeness of data processing. For VectorAutomate, this is especially important because our citation engine must maintain perfect fidelity between source documents and generated citations.
Confidentiality — Protection of customer data. Enterprise customers trust us with their most sensitive technical documentation. Our audit confirmed that this data is encrypted at rest and in transit, access-controlled by role, and never shared across customer boundaries.
Privacy — Proper handling of personal information. While VectorAutomate primarily processes technical documentation rather than personal data, our systems are designed to detect and handle PII in accordance with GDPR and CCPA requirements.
Why This Matters for Enterprise Buyers
If you’re evaluating AI platforms for your service organization, SOC 2 Type II certification should be on your requirements list. Here’s why:
It demonstrates that the vendor has mature security practices — not just documentation, but actual operational discipline. It simplifies your own compliance burden, because your auditors can rely on our SOC 2 report rather than conducting their own assessment of our controls. And it signals that the vendor is committed to the enterprise market, not just selling to startups with fewer compliance requirements.
Accessing the Report
Our SOC 2 Type II report is available under NDA to current and prospective customers. Contact your account manager or reach out to our sales team to request a copy.