SOC 2 Compliance

TIDALBAY maintains SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality of customer data.

Certification Status

Trust Service Criteria Coverage

Security (Common Criteria)

• Logical and physical access controls
• System operations monitoring
• Change management procedures
• Risk mitigation processes
• Incident response and management

Availability

• 99.99% uptime SLA with monitoring
• Disaster recovery and business continuity plans
• Automated failover and redundancy
• Capacity planning and performance monitoring

Confidentiality

• Data encryption at rest and in transit
• Access controls and least privilege
• Data classification and handling procedures
• Secure data disposal processes

Controls Relevant to Customers

Access Management

• Role-based access control (RBAC) for all platform users
• Multi-factor authentication required for admin access
• Access reviews conducted quarterly
• Audit logs for all administrative actions

Data Protection

• AES-256 encryption for data at rest
• TLS 1.3 for data in transit
• Key management with regular rotation
• Secure backup with encryption

Change Management

• Documented change management process
• Code reviews required for all changes
• Automated testing and CI/CD pipeline
• Separation of development and production environments

TIDALBAY for Your SOC 2 Audit

TIDALBAY also helps your organization meet SOC 2 requirements for security awareness:

• CC1.4: Security awareness training records and completion tracking
• CC3.2: Risk assessment through continuous employee scoring
• CC6.1: Logical access monitoring via IdP integration
• CC7.2: Security event monitoring and automated response

Next Steps

• Security overview
• Data privacy
• GDPR compliance