Audit Details
| Attribute | Value |
|---|---|
| Report Type | SOC 2 Type 1 |
| Auditor | A-LIGN Assurance |
| Report Date | April 15, 2025 |
| Trust Service Categories | Security, Availability, Confidentiality |
What SOC 2 Type 1 Means
SOC 2 (System and Organization Controls 2) is an auditing standard developed by the American Institute of CPAs (AICPA). A Type 1 report evaluates whether an organization’s controls are suitably designed to meet the relevant trust principles at a specific point in time.
Trust Service Categories Covered
Security
- Protection against unauthorized access
- System boundary protection
- Logical and physical access controls
Availability
- System availability for operation and use
- Performance monitoring
- Disaster recovery and business continuity
Confidentiality
- Protection of confidential information
- Data classification and handling
- Secure data disposal
Key Control Areas
The SOC 2 audit evaluated Govly’s controls across the following areas:
Infrastructure and Operations
- Cloud infrastructure security (AWS)
- Network segmentation and firewalls
- System hardening and patching
- Backup and recovery procedures
Access Management
- User authentication and authorization
- Role-based access controls
- Privileged access management
- Access reviews and recertification
Human Resources
- Background checks for employees
- Security awareness training
- Acceptable use policies
- Termination procedures
Risk Management
- Risk assessment processes
- Vulnerability management
- Penetration testing
- Incident response procedures
Vendor Management
- Third-party risk assessments
- Vendor security reviews
- Contract security requirements
- Ongoing monitoring
Change Management
- Change control procedures
- Code review requirements
- Testing and staging environments
- Deployment controls
Auditor Information
A-LIGN Assurance is an AICPA-accredited firm providing:
- SOC 1 and SOC 2 attestation services
- ISO 27001 certification
- PCI DSS assessments
- HITRUST certification
- FedRAMP assessments
Requesting the Report
The full SOC 2 Type 1 report is available to customers and prospective customers under NDA. To request a copy:
- Contact [email protected]
- Provide your organization name and contact information
- Sign the standard NDA (if not already in place)
- Receive the full report within 2 business days
SOC 2 Type 2 Status
Govly is currently undergoing SOC 2 Type 2 assessment, which evaluates the operating effectiveness of controls over a period of time (typically 6-12 months). Expected completion: Q2 2025.
Continuous Compliance
Beyond point-in-time audits, Govly maintains continuous compliance through:
- Automated Monitoring - Real-time control effectiveness monitoring
- Regular Assessments - Quarterly internal security reviews
- Penetration Testing - Annual third-party security assessments
- Employee Training - Ongoing security awareness programs