Skip to main content
Skip to content

Security & SOC 2

Yes. Coassemble holds both SOC 2 Type 1 and SOC 2 Type 2, independently audited standards for how we protect customer data. Type 2 is the more rigorous of the two and the one most organisations will care about, because it verifies our controls work over time, not just at a single moment. If you're putting content, learner information, or business insights into Coassemble, this is your assurance that we manage that data to a recognised standard.

What SOC 2 is

SOC 2 is an auditing standard from the American Institute of CPAs (AICPA). It assesses how a company manages data against five trust service criteria: security, availability, processing integrity, confidentiality, and privacy. Passing means we've implemented and maintained strict controls and had them verified by a third-party audit.

The difference between the two reports:

  • Type 1 checks that the right controls are in place at a specific point in time.
  • Type 2 goes further, verifying that those controls operate effectively over an extended period. This is the more thorough assessment.

What it means in practice

  • Your data is protected with strong access controls, encryption, and continuous monitoring.
  • Our systems are built for reliability, with processes to maintain uptime and recover quickly from incidents.
  • Our policies, security practices, and infrastructure have been independently audited, not just self-declared.

What this means for you

  • You can confidently use Coassemble for sensitive or compliance-related training, including in regulated industries like finance, health, education, and HR tech.
  • Your stakeholders, legal team, or data protection officer can verify we meet a recognised standard for data security.
  • SOC 2 is part of a broader, ongoing commitment to improving the platform's resilience and transparency, not a one-off certification.

Where to get documentation

Our SOC 2 reports and other security documentation are available through the Coassemble Trust Centre. If you need a Data Processing Agreement (DPA) for your own records, contact our team.

This article is maintained in our help centre. View the original ↗