SOC 2 Type II announcement

Synergy Inc. announced today that SynergyOS has achieved SOC 2 Type II compliance for security, availability, processing integrity, confidentiality, and privacy in accordance with the American Institute of Certified Public Accountants (AICPA).

Data security is our north star in everything we do. We are very conscious of the fact that our customers trust us with one of their most important assets: their company information. SynergyOS has been designed from the ground-up to meet the most stringent security and compliance requirements, including the requirements of professional services firms and regulated industries, in particular financial services.

At SynergyOS, security is one of our core pillars and we constantly strive to not only meet but exceed industry standards as well as our customers’ expectations for security controls. Today, we are proud to announce that SynergyOS has achieved SOC 2 Type II compliance in accordance with the American Institute of Certified Public Accountants (AICPA) standard for SOC for Service Organizations. Achieving this standard with an unqualified opinion serves as third-party industry validation that Synergy Inc. provides enterprise-grade security for customer’s data secured in SynergyOS.

What is SOC 2 compliance?

SOC 2 is a security framework, audit, and attestation that specifies how organizations should protect customer data. The American Institute of Certified Public Accountants (AICPA) developed SOC 2 around Five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

  • Security: best security practices like Multi-Factor Authentication (MFA), access controls, identity management, encryption, thread alerts, and firewalls.
  • Availability: systems to ensure uptime, timely disaster recovery, and incident management.
  • Processing integrity: system processing is complete, accurate, timely, and authorized. This includes quality assurance and application monitoring.
  • Confidentiality: data is safe from unauthorized access following best security standards such as encryption, access controls and Multi-Factor Authentication (MFA).
  • Privacy: confidential information is protected and personally identifiable information adheres to the organization’s data usage and privacy policy.

There are two types of SOC 2 compliance and both require an external audit:

  • Type I: the company is compliant at a point in time.
  • Type II: the company stays compliant during an observation window, typically 6 months to a year.

Auditor: Prescient Assurance

Synergy Inc. was audited by Prescient Assurance, a leader in security and compliance attestation for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada and provides risk management and assurance services which includes but is not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR. For more information about Prescient Assurance, you may reach out them at

An unqualified opinion on a SOC 2 Type II audit report demonstrates to Synergy Inc.’s current and future customers that they manage their data with the highest standard of security and compliance.

For any questions about our security and compliance, or to access the SOC 2 report, feel free to reach out to

The SynergyOS team