Compliance & security
SOC 2 Type II
Independent audit of a vendor's security controls over a period of time.
SOC 2 Type II reports describe how a vendor's security controls *actually operated* over a sustained period (typically 6โ12 months), not just at a point in time (Type I). It's the strongest routine signal that a vendor has a real security program.
Ask for the report under NDA before purchase, and check the report *date* โ an old SOC 2 is a yellow flag.