Live SOC 2 program status.
Updated continuously. The current state of our SOC 2 Type II audit, control evidence collection, and the artifacts available for customer review.
Type II
Big Four firm engaged. Audit window: Q1 2026 through Q3 2026. Report expected November 2026. Letter of engagement available under NDA.
ISO 27001:2022
ISMS scope defined. Risk register complete. Statement of Applicability draft 3. Stage 1 audit scheduled Q3 2026.
HIPAA BAA
Template available off the shelf. Signed before any PHI work begins. Plutobee acts as Business Associate.
GDPR DPA
Standard template includes SCCs Module 2, Module 3, and UK IDTA addendum. Sub-processor list current as of last update.
Control families mapped.
Security (CC1-CC9): 100% control coverage. Evidence collection automated via Drata. Quarterly internal review.
Availability (A1): 99.9% target for standard customers. 99.95% for Enterprise. 99.99% for Strategic.
Confidentiality (C1): Encryption at rest and in transit; customer-managed KMS keys for Enterprise.
Privacy (P1-P8): Aligned to GDPR baseline. CCPA addendum. Data subject request fulfillment within 30 days.
Processing Integrity (PI1): Idempotent operations, change control, audit trails. Applicable to financial customer engagements.
Request the full attestation package.
Letter of engagement, control implementation evidence, sub-processor agreements, BAA, DPA, SCCs. NDA-bound.