BearPlex is undergoing a formal SOC 2 Type II audit to independently verify our security controls. This process evaluates our systems over a multi-month observation period to ensure consistent, enterprise-grade security practices.
Security policies, access controls, and technical safeguards implemented across all systems.
Active monitoring and evidence collection across AWS, GitHub, Google Workspace, and Cloudflare.
Third-party CPA firm conducts formal audit, reviews evidence, and interviews key personnel.
Final SOC 2 Type II report issued, available to clients and partners under NDA.
These controls have been implemented and are being actively monitored throughout the observation period.
Multi-factor authentication enforced across all platforms. Role-based access with least privilege principle.
Real-time logging and monitoring across all infrastructure. 12-month log retention with automated alerting.
All production changes go through documented review and approval. Full audit trail on every deployment.
Encryption at rest and in transit. Automated vulnerability scanning. Regular backup and recovery testing.
Third-party vendors assessed and monitored continuously. Only SOC 2 compliant vendors in our supply chain.
Documented incident response plan with defined escalation paths. Regular tabletop exercises and post-mortems.
We're happy to share our security posture details, policies, and audit progress with prospective clients and partners under NDA.
Request Documentation