Our Trust Centre

We practice what we preach. The same rigour we apply to your controls applies to our own operations—documented, tested, and available under NDA to qualified counterparties.

Assurance posture

Compliance & accreditation

Summary status for programmes most frequently requested during vendor security reviews. Detailed evidence packs are shared through our secure diligence portal.

Governance

Transparency commitment

We hold ourselves to the same bar we apply on your engagements — documented controls, independent testing, and timely renewal of every accreditation that backs our work.

ABM Audit undergoes its own annual SOC 2 Type II examination over the security, availability, and confidentiality of firm-managed systems and client evidence workflows. The same evidence standards we expect from you are applied to our operations and reviewed by an independent CPA firm.

Certification body accreditations (including ANAB and IAS recognition) are renewed on an annual cycle with surveillance activities, ensuring our certification activities remain aligned with international conformity assessment requirements.

Third parties

Subprocessors & infrastructure

Key vendors that process or store firm or client data on our behalf. Full schedules and DPAs are available in diligence packages.

| Subprocessor | Purpose | Compliance status |
| --- | --- | --- |
| Amazon Web Services (AWS) | Cloud infrastructure and encrypted storage for engagement tooling and secure portals. | SOC 2 / ISO 27001 reports reviewed annually; DPA in place. |
| Google Workspace | Corporate email, calendar, and document collaboration for ABM staff. | Google Cloud & Workspace attestations on file; SSO and DLP enabled. |
| HubSpot | CRM and marketing automation for prospect and client communications. | SOC 2 Type II; data processing agreement and regional hosting options. |
| Vanta | Internal compliance automation and evidence workflows for firm SOC 2 programme. | SOC 2 Type II; subprocessors disclosed in vendor diligence. |

Controls

Security practices

High-level technical and organisational measures that protect client evidence and firm systems.

Encryption at rest & in transit

AES-256 storage, TLS 1.2+ for all client-facing services, and key management aligned with ISO 27001 Annex A.

Multi-factor authentication

Mandatory MFA for all corporate identities, privileged access, and customer diligence portals.

Annual penetration testing

Independent third-party assessments of external perimeters and critical internal applications.

Employee security training

Role-based onboarding, phishing simulations, and annual refreshers on classification and incident reporting.

Risk transfer & data

Insurance & data handling

Enterprise procurement teams routinely ask how we protect client information and what financial backstops exist if something goes wrong. Here is how we answer.

Professional liability (E&O)

ABM Audit maintains errors and omissions insurance appropriate to the scale and complexity of attestation and advisory engagements. Certificates of insurance are available under NDA as part of vendor onboarding.

Cyber liability

Dedicated cyber liability coverage supports incident response costs, regulatory notifications where applicable, and third-party claims arising from security events affecting firm-controlled systems.

Data handling policies

Client evidence is processed under documented classification, retention, and disposal rules aligned with ISO 27001 and contractual commitments. Subprocessors are assessed and listed in our privacy documentation.

Report Verification

Verify report authenticity

Every ABM Audit report and certificate includes a unique confirmation number. Third parties — investors, enterprise buyers, regulators — can verify the authenticity and current status of any report using our public verification tool.

Verify a Report

Verified Authentic

ABM-2026-SOC2-0847

Valid
Report Type: SOC 2 Type II
Organization: CloudVault T***
Issued: April 20, 2026

Need our latest SOC 2 report or ISO certificate?

We route diligence requests through a single secure workflow so your security and legal teams get answers without chasing individual auditors.