We're pleased to announce that Saccharo has completed its SOC 2 Type II audit, conducted by an independent third-party auditor. This certification validates that our systems, processes, and controls meet the rigorous standards required for handling sensitive procurement data.
What SOC 2 Type II Means
SOC 2 (Service Organization Control 2) is a compliance framework developed by the AICPA that evaluates how a company manages customer data based on five trust service criteria:
- Security — protection against unauthorized access
- Availability — systems are operational and accessible as committed
- Processing Integrity — data processing is complete, accurate, and authorized
- Confidentiality — information designated as confidential is protected
- Privacy — personal information is collected, used, and retained appropriately
The "Type II" designation means the audit evaluated not just the design of our controls, but their operational effectiveness over a sustained period — in our case, a six-month observation window.
Why It Matters for Government Vendors
Government procurement involves highly sensitive information: pricing strategies, proprietary methodologies, personnel data, and competitive intelligence. Organizations that handle this data need assurance that their tools meet enterprise security standards.
With SOC 2 Type II, Saccharo customers can be confident that:
- Their proposal data is encrypted at rest and in transit
- Access controls enforce least-privilege principles
- System changes go through a formal change management process
- Incident response procedures are tested and documented
- Regular vulnerability assessments and penetration tests are conducted
Our Security Posture
SOC 2 is one piece of our broader security program:
- AES-256 encryption for all data at rest
- TLS 1.3 for data in transit
- SSO and SAML 2.0 integration for enterprise identity management
- Role-based access control with granular permissions
- 99.9% uptime SLA backed by multi-region infrastructure
- Regular penetration testing by independent security firms
Access the Report
Existing customers and prospective clients can request a copy of our SOC 2 Type II report through their account manager or by contacting our team. We're committed to transparency about our security practices and happy to answer any questions.
Security is a feature, not an afterthought. Learn more about how Saccharo protects your data on our documentation site.