Security & Compliance

Sembix has completed a System and Organization Controls (SOC 2®) examination, demonstrating our commitment to protecting customer systems and data.

Visit Trust Center

What Is a SOC 2 Examination?

A SOC 2 examination is an independent assessment conducted by a licensed CPA firm evaluating an organization's controls relevant to one or more of the AICPA Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

Unlike a checklist or self-assessment, a SOC 2 examination involves an independent service auditor testing the design and operating effectiveness of controls over a defined period. The result is a SOC 2 report that provides detailed transparency into how an organization manages risk.

AICPA SOC for Service Organizations

Our SOC 2 Examination

Sembix received a SOC 2 report from an independent service auditor covering controls relevant to the following Trust Services Criteria:

Security

Protection of systems and data against unauthorized access

Availability

System uptime and operational reliability

Confidentiality

Protection of information designated as confidential

Control Areas Covered

The SOC 2 examination covered controls across the following areas of our operations:

Access Management

Role-based access, authentication, and least-privilege policies

System Monitoring

Continuous logging, alerting, and anomaly detection

Change Management

Controlled development, testing, and deployment processes

Incident Response

Defined procedures for identifying, escalating, and resolving events

Vendor Management

Due diligence and oversight of third-party service providers

Data Protection

Encryption in transit and at rest, classification, and retention

Business Continuity

Disaster recovery planning and operational resilience

Personnel Security

Background checks, security training, and access provisioning

Why This Matters for Our Customers

Government agencies, education organizations, and regulated enterprises require assurance that technology partners manage risk responsibly. A SOC 2 report provides independent, third-party transparency into how Sembix protects systems and information.

Procurement Requirements

Helps satisfy vendor risk assessment and security questionnaire requirements common in public sector and enterprise procurement.

Customer Confidence

Provides independent evidence of security controls beyond self-attestation.

Regulatory Alignment

Supports compliance with frameworks and regulations that reference independent control assessments.

Frequently Asked Questions

Is a SOC 2 examination a certification?

No. A SOC 2 examination is an independent assessment conducted by a CPA firm, resulting in a report. It is not a certification, accreditation, or pass/fail test.

Can I review the SOC 2 report?

SOC 2 reports are intended for a defined audience and are shared under NDA. Visit our Trust Center to request access.

What Trust Services Criteria were included?

Our SOC 2 examination addressed controls relevant to security, availability, and confidentiality.

Who conducted the examination?

Our SOC 2 examination was conducted by an independent, licensed CPA firm. Contact us for details.

How often is the examination performed?

We intend to undergo SOC 2 examinations on a recurring basis to maintain ongoing assurance.

Questions About Security?

Visit our Trust Center to learn more about how Sembix protects customer systems and data, or contact our team directly.

Visit Trust Center security@sembix.ai