The achievement

We are proud to announce that Serixo has achieved SOC 2 Type II certification, following a rigorous six-month audit by an independent AICPA-accredited auditor. SOC 2 Type II is the most demanding enterprise security certification available: unlike Type I (a point-in-time assessment), Type II evaluates whether security controls are operating effectively over a sustained period — in our case, six months of continuous monitoring.

"SOC 2 Type II is not just a certificate — it is proof that your security programme works in practice, not just on paper."— Serixo CISO

Audit process

The audit covered all five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. The auditor reviewed 1,200+ controls across infrastructure, application security, access management, change management, and incident response. Zero exceptions were noted across any of the five criteria.

What it means

For our enterprise customers, SOC 2 Type II certification means simplified vendor risk assessments, reduced due diligence overhead, and confidence that their transaction data is handled with controls that meet the highest industry standards. For prospects evaluating Serixo against competitors, it is an objective third-party validation of our security posture.

What's next

SOC 2 Type II is the foundation, not the ceiling. We are currently in preparation for ISO 27001 certification (target Q3 2026) and PCI DSS Level 1 Service Provider certification (target Q4 2026). Our full compliance documentation, including the SOC 2 Type II report, is available to customers and qualified prospects under NDA upon request.