---
path: /security
title: "Security — SOC 2 Type II, SOX-ready, ASOP-aware"
description: "Tesora's security posture: SOC 2 Type II, SOX-ready rating engine, ASOP-aware documentation, customer-managed encryption keys."
section: Company
priority: 0.6
changefreq: monthly
source_file: pages/marketing/SecurityPage.tsx
---
# Security — SOC 2 Type II, SOX-ready, ASOP-aware

# Enterprise Security, Zero Data Retention, Full Audit Trail

Audited against the AICPA SOC 2 Type II trust services criteria for security, availability, processing integrity, and confidentiality. Report available under mutual NDA.

**AICPA SOC 2 Type II badge**

## SOC 2 Type II audited. SOX-ready. ASOP-aware.

Tesora is audited annually against the AICPA SOC 2 Type II trust services criteria for security, availability, processing integrity, and confidentiality. Report available under mutual NDA.

## Effortless review, without lowering the bar.

We have sat through enough vendor reviews to know where they stall. So we pre-package the answers. SIG Lite and CAIQ questionnaires filled out in advance. SOC 2 Type II report, pen-test summary, and architecture and data-flow diagrams ready under NDA. A named security contact on every account. The compliance posture above does not move. What moves is how fast your IT and security teams can sign off, so the actuaries can get back to pricing.

## Cloud-hosted by default. On-prem for carriers that require it.

Most carriers deploy Tesora in our hosted environment with full encryption and per-tenant isolation. For carriers with internal-only model policies, Tesora supports on-prem deployment with model inference in the carrier's own VPC. Same audit trail, same control plane, same agents.