SOC 2 Type II

What is SOC 2 Type II?

SOC 2 Type II is an auditing standard created by the American Institute of Certified Public Accountants (AICPA) that sets compliance standards for a company’s security controls. We focused our controls around the Trust Service Criteria for: Security, Confidentiality, and Privacy. The reason why it’s important is that it provides independent third party validation that an organization has implemented and is operating with security best practices in place.

OneSignal's path to SOC 2 Type II compliance

In order for OneSignal to achieve SOC 2 Type II compliance, we worked with an independent auditing firm to identify key areas to implement security controls. All in all, we maintain over 75 controls covering everything from workstation security to encryption standards. The audit process includes verification of over 400 separate pieces of evidence over the course of 6 months. We are happy to say that over all this effort we were able to achieve an unqualified opinion (meaning all the controls were tested to operate properly) in our certification report.

Need a copy of our latest SOC 2 Type II Report?

For customers that are on our enterprise plan, we are happy to share a copy of our most recent SOC 2 Type II report. For those that are interested in learning more about our compliance efforts, reach out to our sales team for more details.