How Quillio handles SOC 2 certification
Quillio maintains SOC 2 Type II certification covering the Security, Availability, and Confidentiality Trust Services Criteria. The audit period is 12 months. Reports are refreshed annually and available under NDA to enterprise firms for their own risk assessments.
Scope
The SOC 2 scope covers the Quillio application, supporting infrastructure, and internal controls. Security, Availability, and Confidentiality criteria are in scope. Processing Integrity and Privacy are on the roadmap for future inclusion.
Auditor
A recognised Australian accounting firm performs the audit. The SOC 2 Type II report covers the operating effectiveness of controls over a 12-month period, not just their design at a point in time.
How to get the report
Enterprise firms can request the current SOC 2 report under NDA. It is the right document for your IT risk team, procurement team, or compliance officer to complete their vendor review. Request through your account manager.
Common issues
- SOC 2 is US-originated but widely accepted in Australian enterprise procurement
- Processing Integrity is on the roadmap — current report does not include it
- SOC 2 does not replace Australian-specific certifications — see ISO 27001 article
Try Quillio on a real matter.
The fastest way to know if Quillio fits your practice is to use it on your own work. The free trial requires no credit card and no sales call.
Start your free trial