What “built for SOC 2 Type II” means for institutional buyers
SOC 2 Type II is an independent audit of how a service organization protects customer data — security, availability, confidentiality — observed over a period of time rather than at a single moment. Saying a platform is built for SOC 2 Type II certification means the architecture is designed to pass that audit, with certification on the timeline; it is a statement about how the system is built, not a claim that the certificate is already held.
TL;DR. Institutional buyers run a security review before they run a pilot. DealAnalysis is built for SOC 2 Type II certification, with ISO 27001, ISO 27701 and Cyber Essentials Plus on the same path, and the data architecture — private tenancy, encryption, access control — is in place today. This page is the plain-language version of what a procurement team needs to see.
“Built for” vs “certified” — why the wording matters
A vendor that claims a certification it doesn’t hold fails the first question of any serious security review. The honest statement is the precise one: the platform is built for SOC 2 Type II certification — the architecture and controls are designed to the standard, and the audit sits on the timeline. A buyer can verify architecture today and track certification as it completes, rather than taking a badge on trust.
What’s in place today
| Area | Commitment |
|---|---|
| Hosting & residency | Microsoft Azure, private tenancy, regional data residency |
| Tenancy | Tenant isolation; client data segregated; dedicated tenancy where required |
| Encryption | AES-256 at rest, TLS 1.3 in transit |
| Access | Single sign-on, multi-factor authentication, role-based access control |
| Confidentiality | NDA-safe by architecture |
The certifications on the path
The platform is built for SOC 2 Type II certification, with ISO 27001 (information security management), ISO 27701 (privacy) and Cyber Essentials Plus on the same path — and more as the company enters new markets. These overlap heavily, so the architecture that satisfies one is largely the architecture that satisfies the rest.
Why this pairs with provenance
Security keeps your data safe; provenance keeps your numbers honest. The same architectural discipline that makes the platform auditable from a security standpoint makes every figure auditable from an analysis standpoint — each number labeled as observed, estimated or computed, and traceable to its source.
FAQ
Is DealAnalysis SOC 2 certified today?
It is built for SOC 2 Type II certification, with the architectural foundation in place and the audit on the timeline. It does not claim to hold the certificate.
Where is data hosted?
On Microsoft Azure, in a private, tenant-isolated environment with regional data residency.
Can we run a security questionnaire?
Yes — the architecture is designed for institutional procurement; request a conversation through the contact form.