SOC 2 Type II
This feature requires TalkWriter Enterprise. Contact Sales →
TalkWriter holds a SOC 2 Type II certification, independently audited by a third-party firm. This report gives Enterprise customers confidence that our security controls are not just designed well but are operating effectively over time.
What Is SOC 2?
SOC 2 (Service Organization Control 2) is a security framework developed by the American Institute of CPAs (AICPA). It evaluates how a company protects customer data based on five Trust Service Criteria.
SOC 2 Type I vs. Type II
| Type I | Type II | |
|---|---|---|
| What it evaluates | Control design at a point in time | Control effectiveness over a period |
| Audit duration | Single date | 6-12 month observation period |
| Confidence level | Controls exist | Controls work consistently |
| TalkWriter status | ✅ Completed | ✅ Completed |
Trust Service Criteria in Scope
| Criteria | In Scope | Description |
|---|---|---|
| Security | ✅ | Protection against unauthorized access |
| Availability | ✅ | System uptime and reliability |
| Confidentiality | ✅ | Protection of sensitive information |
| Processing Integrity | ✅ | Accurate and complete data processing |
| Privacy | ✅ | Personal data handling practices |
What the Audit Covers
Our SOC 2 audit evaluates:
- Access controls — How we authenticate users and restrict access to systems
- Encryption — TLS 1.3 in transit and AES-256 at rest
- Data handling — Zero retention of audio and text content
- Incident response — Detection, escalation, and resolution procedures
- Change management — How we deploy code and infrastructure changes
- Monitoring — Continuous logging and alerting on security events
- Vendor management — Security review of subprocessors
Requesting the Report
Enterprise customers can request a copy of our SOC 2 Type II report:
- Email security@talkwriter.ai
- Include your organization name and Enterprise account email
- You will receive the report under NDA within 2 business days
FAQ
How often is the audit conducted? Annually. Each audit covers the preceding 12-month period.
Who performs the audit? An independent, AICPA-accredited third-party auditing firm.
Can I share the report with my compliance team? Yes. The report is shared under NDA and can be reviewed by your security and legal teams.