SOC 2

System and Organization Controls (SOC) 2 reports are independent third-party examination reports that demonstrate how an organization achieves key compliance controls and objectives.

SOC 2 reports are based on the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) existing Trust Services Criteria (TSC). The purpose of the report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

MapZot.AI undergoes rigorous independent third-party SOC 2 audits conducted by a reputable certified public accountant (CPA) firm to certify individual products on a regular basis. The audit firm evaluates whether MapZot.AI’s compliance controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period.

MapZot.AI is SOC 2 Type 2 certified, reflecting our ongoing commitment to safeguarding customer data and maintaining strong internal controls.

Standards Used:

SOC 2 reports are attestation examinations conducted in accordance with the SSAE 18 standard, specifically sections AT-C 105 and AT-C 205, as governed by the American Institute of Certified Public Accountants (AICPA).

FAQs

What is the report?

A SOC 2 Type 2 report is an independent attestation that evaluates how a company manages data based on defined trust criteria. It provides a detailed assessment of the effectiveness of internal controls over a specific period of time.

---

Under what standard is the audit report performed?

The audit is conducted in accordance with the AICPA’s SSAE 18 standard, specifically AT-C sections 105 and 205, which govern attestation engagements and examination-level procedures.

---

What’s the primary purpose of the report?

• SOC 2: Security, Availability, Confidentiality, & Privacy

To provide customers and users with a business need with an independent assessment of MapZot.AI's control environment relevant to system security, availability, confidentiality, and privacy.

---

Who is the primary audience of the report?

This report is intended for current and prospective customers, partners, auditors, and regulators who require assurance that MapZot.AI’s systems are designed and operated with strong data protection and compliance in mind.

---

Why is MapZot.AI SOC 2 Type 2 certified?

At MapZot.AI, data privacy and operational excellence are core to our mission.

Achieving SOC 2 Type 2 certification validates our commitment to maintaining trust, transparency, and compliance, and ensures that our clients can rely on us to handle sensitive data securely and responsibly.

---

Is a non-disclosure agreement (NDA) required to receive the MapZot.AI SOC 2 Type 2 report?

Yes. Due to the sensitive and confidential nature of the report, we require a signed Non-Disclosure Agreement (NDA) before sharing our SOC 2 Type 2 attestation.

The report contains detailed information about our internal security controls and system architecture, and is made available only for legitimate due diligence purposes.

To request access, please contact us at compliance@mapzot.com

---