Phocas SOC2 Type II Compliance
Our ongoing commitment to data security
In 2021, Phocas received its first System and Organizational Controls 2 Type I (SOC2 Type 1) report. This review indicated our compliance with the SOC2 trust services criteria, held by the American Institute of Certified Public Accountants (AICPA).
In 2023, Phocas progressed from the Type I audit by successfully completing the SOC2 Type II examination. This external audit examined how well Phocas data security systems and controls performed over a 12-month period, reinforcing our ongoing commitment to data security for our customers and products.

What does this mean for us and our customers?
Data is at the core of everything we do at Phocas, and we take information security and privacy extremely seriously. We hold ourselves to the highest standards when it comes to data protection and continuously work hard to ensure our systems and technology meet industry standards.
To achieve the SOC2 Type II qualification, an independent examination was conducted by global cybersecurity assessment firm A-LIGN who validated Phocas’ security practices and controls over an extended period (12 months).
Our ongoing commitment to security
SOC2 demonstrates our strong commitment to security. As a customer, you gain the assurance that your data is protected and that our internal controls, policies, and procedures have been critically evaluated and match industry best practices.
We are committed to meeting the SOC2 standards on an ongoing basis, striving for a yearly SOC2 achievement.
Additionally, we continually train our people, review and implement processes and standards across all our business and customer-facing applications and platform.