Trust & Security

SOC 2 Type II Certified — Tested,
Not Just Designed

Summitas has maintained SOC 2 Type II certification since 2021, with a 19-year track record of zero findings from independent security audits. Our controls aren’t just designed effectively — they’re verified over sustained periods by third-party auditors.

What Makes Type II Different

Many vendors achieve SOC 2 Type I, which only confirms that security controls exist at a single point in time. Type II goes further — it tests whether those controls actually work, consistently, over a period of six to twelve months.

Type I

Controls Are Designed

Evaluates whether security controls exist and are properly designed — at a single point in time. A snapshot.

Type II

Controls Are Proven

Evaluates whether security controls actually work effectively over 6–12 months of continuous operation. Ongoing proof.

Five Trust Service Criteria

Our SOC 2 report covers all five trust service criteria defined by the AICPA — not just security, but the full picture of how we handle your data.

Security

Protection against unauthorized access to systems and data through encryption, firewalls, access controls, and monitoring.

Availability

The system is available for operation and use as committed. We maintain a 99.9% uptime SLA with geographic redundancy.

Processing Integrity

Data processing is complete, valid, accurate, timely, and authorized. What goes in is what comes out — nothing altered, nothing lost.

Confidentiality

Information designated as confidential is protected as committed. Access is restricted to authorized personnel only.

Privacy

Personal information is collected, used, retained, disclosed, and disposed of in accordance with our published privacy commitments.

How We Protect Your Data

Security isn’t a feature we bolt on. It’s the foundation everything else is built on.

Encryption at Rest

All data encrypted with 256-bit AES — the same standard used by banks and government agencies.

Encryption in Transit

TLS 1.3 protects every data stream between your browser and our servers. No exceptions.

Certified Infrastructure

Hosted in SOC 2 certified data centers with geographic redundancy and 99.9% uptime SLA.

Continuous Testing

Annual penetration testing, vulnerability assessments, and automated threat detection and alerting.

“We reviewed Summitas security. We found no faults.”

— Chief Information Security Officer, Large Single Family Office

Request Our SOC 2 Report

We share our SOC 2 Type II report under NDA with prospective and current clients.

Let’s Connect