VelocityEHS SOC 2

What is SOC 2 Type II?

SOC 2 Type II attestation involves an intensive third-party audit conducted over the course of several months to ensure that the organization (VelocityEHS), its policies and procedures, data infrastructure, and software applications are designed and operated in accordance with the Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy set forth by the American Institute of Certified Public Accountants (AICPA).

Why SOC 2 Type II Certification Matters

According to the AICPA, SOC 2 Type II attestation “helps differentiate entities from their competitors by demonstrating to stakeholders that the entities are attuned to the risks posed by their environment and equipped with the controls that address those risks.” The world’s leading software research and advisory company, Gartner, Inc., recommends that as part of the vetting process, SaaS customers obtain a written report issued by an accredited third-party auditor attesting to the vendor’s SOC 2 compliance. If a vendor does not or cannot provide such a certification, customers are ultimately left to conduct their own costly and time-consuming audit if they wish to thoroughly and accurately assess the potential risks to their business created by the use of the application.

With our SOC 2 Type II attestation, VelocityEHS has eliminated this uncertainty and made it both easy and cost-effective for companies of any size to verify that our company and our software solutions:

  1. Adhere to the most stringent and widely recognized standards for data security, privacy, accessibility and system integrity.
  2. Are compliant with SOC 2 Type II criteria across our entire solution stack, including services for data colocation, cloud hosting, and disaster recovery.
  3. Have been verified by a third party as having taken every possible measure to ensure the security and integrity of our customers’ data.

Call us at 1.866.919.7922 to request a copy of our Auditwerx SOC 2 Type II Audit Report

AICPA Trust Services Principles

Security

Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.


Availability

Information and systems are available for operation and use to meet the entity’s objectives.

Processing Integrity

System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.


Confidentiality

Information designated as confidential is protected to meet the entity’s objectives.


Privacy

The system’s collection, use, retention, disclosure, and disposal of personal information are in conformity with the commitments in the service organization’s privacy notice, and with criteria set forth in the Generally Accepted Privacy Principles (GAPP) issued by the AICPA and CPA Canada.

The VelocityEHS Advantage

Many EHS software vendors say they are fully SOC 2 Type II compliant, but this isn’t always true. It’s often the case that only one or perhaps a handful of the controls in their solution stack have actually been verified for compliance with SOC 2 Type II control standards — leaving their customers vulnerable to system intrusions, data loss, and threats to the privacy of confidential information.

Data Security & Privacy Control Categories

  • Organization and Management
  • Communication
  • Risk Management and Design and Implementation of Controls
  • Monitoring
  • Logical and Physical Access (Data Center handles Physical Access)
  • Systems Operations
  • Change Management
  • Availability (Data Center handles part of availability)

VelocityEHS stands apart from other EHS software vendors in this regard. Each category of data security and privacy controls within our solution stack has been individually audited for compliance with SOC 2 Type II standards. These include the software application itself, our off-site data centers, cloud hosting environment, disaster recovery services and other data infrastructure, as well as our development, support, personnel and office administration policies. We take the security and privacy of your data seriously, and have put the people and processes in place necessary to give you the highest possible level of protection.

In addition, adherence to SOC 2 standards ensures that the VelocityEHS solution is closely aligned with a wide range of other national and international data protection requirements, including PIPEDA (Personal Information Protection and Electronic Documents Act), ISO 27001, HIPAA, CSAE 3416 Type 2, ISAE 3402 Type 2, EU-GDPR, Privacy Shield and similar Safe Harbor principles.

As a true cloud-based SaaS solution, the VelocityEHS Platform has proven to be more secure than any of the hosted EHS software solutions on the market. Our solutions are accepted by more organizations as meeting their security standards than any other EHS software provider…period.

It’s just one more reason why over 10 million users worldwide trust VelocityEHS to help them meet their EHS data management needs.