Skip to main content
Adapt is committed to achieving SOC 2 Type II certification, with expected completion in early 2026. This page describes our security program and the controls we’re implementing.

What is SOC 2?

SOC 2 (Service Organization Control 2) is a compliance framework developed by the American Institute of CPAs (AICPA). It evaluates how organizations manage customer data based on five Trust Services Criteria:
  1. Security: Protection against unauthorized access
  2. Availability: System accessibility as agreed
  3. Processing Integrity: Accurate and authorized processing
  4. Confidentiality: Protection of confidential information
  5. Privacy: Personal information handling

Our Certification Program

SOC 2 Type II (In Progress)

  • Scope: Security, Availability, Confidentiality
  • Auditor: Independent third-party firm
  • Expected completion: Early 2026
  • Coverage: Entire Adapt platform
Type II certification means controls are tested over time (not just at a point in time), providing assurance that security practices are consistently maintained.

Trust Services Criteria

Security

Controls we’re implementing:
Control AreaImplementation
Access controlRole-based permissions, MFA
Network securityFirewalls, VPC isolation, DDoS protection
EncryptionTLS 1.3 in transit, AES-256 at rest
MonitoringContinuous logging and alerting
Incident responseDocumented procedures and team

Availability

How we ensure uptime:
  • Infrastructure: Multi-zone deployment on Google Cloud
  • Redundancy: No single points of failure
  • Monitoring: 24/7 system monitoring
  • Disaster recovery: Documented and tested DR plan

Confidentiality

How we protect your data:
  • Encryption: All data encrypted at rest and in transit
  • Access control: Least privilege access principles
  • Data isolation: Complete separation between organizations
  • Retention: Clear data retention and deletion policies
  • Third parties: Vendor security assessments

Continuous Compliance

We’re building a compliance program that includes:

Ongoing Activities

  • Continuous monitoring: Automated security controls
  • Regular testing: Penetration tests, vulnerability scans
  • Employee training: Security awareness program
  • Policy reviews: Regular policy updates
  • Vendor management: Third-party risk assessments

Security Questionnaires

We can help with your vendor security assessments:
  • CAIQ: Cloud Security Alliance questionnaire
  • SIG: Standardized Information Gathering
  • Custom: Your organization’s security questionnaire
Contact security@adapt.com for questionnaire support.

Questions?

For compliance-related questions:

Security Overview

Complete security documentation

Data Encryption

How we protect your data