> ## Documentation Index
> Fetch the complete documentation index at: https://adapt.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# SOC 2 Compliance

> Adapt's SOC 2 Type II certification

Adapt is SOC 2 Type II certified. An independent auditor tested our controls over an extended period and issued a clean opinion with no exceptions. This page describes our security program and the controls we have in place.

## What is SOC 2?

SOC 2 (Service Organization Control 2) is a compliance framework developed by the American Institute of CPAs (AICPA). It evaluates how organizations manage customer data based on five Trust Services Criteria:

1. **Security**: Protection against unauthorized access
2. **Availability**: System accessibility as agreed
3. **Processing Integrity**: Accurate and authorized processing
4. **Confidentiality**: Protection of confidential information
5. **Privacy**: Personal information handling

## Our Certification Program

### SOC 2 Type II (Certified)

* **Scope**: Security, Availability, Confidentiality
* **Auditor**: MJD Advisors (independent third-party firm)
* **Result**: Clean opinion, no exceptions
* **Coverage**: Entire Adapt platform

Type II certification means controls are tested over time (not just at a point in time), providing assurance that security practices are consistently maintained.

## Trust Services Criteria

### Security

Controls we have in place:

| Control Area      | Implementation                            |
| ----------------- | ----------------------------------------- |
| Access control    | Role-based permissions, MFA               |
| Network security  | Firewalls, VPC isolation, DDoS protection |
| Encryption        | TLS 1.3 in transit, AES-256 at rest       |
| Monitoring        | Continuous logging and alerting           |
| Incident response | Documented procedures and team            |

### Availability

How we ensure uptime:

* **Infrastructure**: Multi-zone deployment on Google Cloud
* **Redundancy**: No single points of failure
* **Monitoring**: 24/7 system monitoring
* **Disaster recovery**: Documented and tested DR plan

### Confidentiality

How we protect your data:

* **Encryption**: All data encrypted at rest and in transit
* **Access control**: Least privilege access principles
* **Data isolation**: Complete separation between organizations
* **Retention**: Clear data retention and deletion policies
* **Third parties**: Vendor security assessments

## Continuous Compliance

Our compliance program includes:

### Ongoing Activities

* **Continuous monitoring**: Automated security controls
* **Regular testing**: Penetration tests, vulnerability scans
* **Employee training**: Security awareness program
* **Policy reviews**: Regular policy updates
* **Vendor management**: Third-party risk assessments

## Security Questionnaires

We can help with your vendor security assessments:

* **CAIQ**: Cloud Security Alliance questionnaire
* **SIG**: Standardized Information Gathering
* **Custom**: Your organization's security questionnaire

Contact [security@adapt.com](mailto:security@adapt.com) for questionnaire support.

## Questions?

For compliance-related questions:

* **Email**: [security@adapt.com](mailto:security@adapt.com)
* **Enterprise**: Contact your account manager

<CardGroup cols={2}>
  <Card title="Security Overview" icon="shield" href="/security/overview">
    Complete security documentation
  </Card>

  <Card title="Data Encryption" icon="lock" href="/security/data-encryption">
    How we protect your data
  </Card>
</CardGroup>
