---
path: /security
title: "Security — SOC 2 Type II, SOX-ready, ASOP-aware"
description: "Tesora's security posture: SOC 2 Type II, SOX-ready rating engine, ASOP-aware documentation, customer-managed encryption keys."
section: Company
priority: 0.6
changefreq: monthly
source_file: pages/marketing/SecurityPage.tsx
---
# Security — SOC 2 Type II, SOX-ready, ASOP-aware

# Built for one of the most heavily regulated industries

Tesora was built by actuaries who understand the regulatory frameworks, and serves people who operate under those frameworks every day.

**AICPA SOC 2 Type II badge**

## SOC 2 Type II audited, SOX-aligned, actuarial standards-aware

Tesora is audited annually against the AICPA SOC 2 trust services criteria for security, availability, processing integrity, and confidentiality.

### Trust center

Live SOC 2 report, subprocessor list, and current control status on our Secureframe Trust Center. Procurement teams can request access in one click.

How customer data is stored, isolated, and used. For the formal collection and disclosure language, see our Privacy Policy .

## On-prem or hosted in an isolated environment

Most carriers deploy Tesora in a hosted environment with full encryption and per-tenant isolation. For carriers with internal-only model policies, Tesora supports on-prem deployment with model inference in the carrier's own VPC. Same audit trail, same control plane, same agents.