Authentica Completes SOC 2® Type 1 Examination
Authentica has completed its SOC 2® Type 1 examination for security, independently verified by Prescient Assurance.
Authentica has completed its System and Organization Controls (SOC) 2® Type 1 examination, with an independent report issued by Prescient Assurance LLC as of February 27, 2026. The examination covers controls relevant to Security under the AICPA Trust Services Criteria.
What this means
A SOC 2 Type 1 report provides assurance that Authentica’s security controls are suitably designed to protect customer data. The examination evaluated our system description, infrastructure, policies, and procedures against the AICPA’s 2017 Trust Services Criteria for Security.
Key areas covered include:
- Access controls — Role-based access, multi-factor authentication, and quarterly access reviews
- Change management — Formal SDLC methodology with documented approval workflows
- Risk management — Annual risk assessments, penetration testing, and vulnerability scanning
- Incident response — Documented response plans tested at least annually
- Vendor management — Third-party risk assessments and documented security requirements
- Data protection — Encryption at rest and in transit, formal retention and disposal procedures
Our security infrastructure
The Authentica platform runs on AWS infrastructure with multiple layers of protection:
- Intrusion detection and continuous monitoring via GuardDuty and Datadog
- DDoS protection and web application firewall through Cloudflare
- Network segmentation and encrypted remote access
- Mobile device management for all endpoints
- Anti-malware protection across all systems
What’s next
This Type 1 report examines the design of our controls at a point in time. We are now working toward our SOC 2 Type 2 examination, which will evaluate the operating effectiveness of these controls over a sustained period.
For questions about our security practices or to request more information, contact us.