Sensys has completed a successful System and Organization Controls (SOC) 2 Type 2 examination for its systems, covering the Trust Services Criteria for Security and Availability. The audit was performed by an independent CPA firm in accordance with standards established by the American Institute of Certified Public Accountants (AICPA). This attestation confirms that our security and availability controls are not only designed appropriately but have operated effectively over a multi-month review period.
What SOC 2 Type 2 Certification Means
A SOC 2 Type 1 report evaluates the design of a company’s controls at a single point in time. A Type 2 report, which Sensys has achieved, goes further by assessing the operational effectiveness of those controls over an extended period (e.g., six to twelve months). This provides a higher level of assurance that security practices are consistently maintained.
Audited Controls
The SOC 2 audit covered our infrastructure, data handling processes, and operational procedures. Below are the key areas examined:
1. Architecture
- Infrastructure Security: The Sensys platform is built on Microsoft Azure. Azure is a leading global cloud provider, and its infrastructure is independently audited and certified for compliance standards including SOC 2 and ISO 27001.
- Data Redundancy and Recovery: Customer data is stored using Azure Zone-Redundant Storage (ZRS). ZRS synchronously replicates data across three distinct physical data centers within a single region. This design protects against data center-level failures. Additionally, we execute automated, encrypted backups daily to a secondary geographic region. These backups are subject to a defined data retention policy and tested regularly.
2. Data Protection & Encryption
Data is encrypted at all stages of its lifecycle:
- Encryption in Transit: All network communication with the Sensys platform is secured using Transport Layer Security (TLS) 1.2 or higher. We enforce HTTPS for all connections.
- Encryption at Rest: All customer data stored is encrypted using AES-256. This applies to databases, object storage, and backups.
- Centralized Secret Management: Sensys uses Azure Key Vault to manage all sensitive data, including cryptographic keys and passwords. This service stores all secrets within FIPS 140-2 Level 2 validated Hardware Security Modules (HSMs), providing a secure and tamper-resistant environment for all sensitive data.
3. Access Control
Access to production systems is governed by the principle of least privilege.
- Authentication: All user and employee access to internal systems requires multi-factor authentication (MFA).
- Authorization: We employ Role-Based Access Control (RBAC) to ensure that individuals and systems only have access to the resources necessary for their function. To further restrict access, we employ a just-in-time (JIT) model, where privileged access is granted temporarily for specific tasks and automatically revoked after a set period.
- Access Reviews: Access rights are reviewed monthly. An automated process flags anomalous access patterns for investigation.
4. Incident Response
Sensys maintains a documented incident response plan that is tested annually. The plan outlines procedures for detection, containment, eradication, and recovery from security incidents. Post-mortems are conducted to identify and implement improvements to our security posture.
What This Certification Means for Our Customers
By achieving SOC 2 Type 2 certification, Sensys has demonstrated:
- Ongoing commitment to protecting your data.
- Operational excellence validated by an independent third-party auditor.
- Trustworthiness and transparency in every part of our technology stack.
Whether you’re an existing client or exploring Sensys for the first time, this milestone assures you that your data is protected by industry-leading security controls.
A Word from the Head of Product
"At Sensys, we view security not as a feature, but as the fundamental bedrock of our platform. We build software for critical maintenance operations, and we know that reliability in the field starts with having a platform you can trust without reservation. This successful SOC 2 attestation is our promise to you, fulfilled through the security-by-design principles that guide our engineering."
