CoreForge Data
Get started
Compliance

What “SOC 2 ready” means at CoreForge.

“SOC 2 ready” means the controls are designed, documented, and operating — but an independent CPA firm has not yet issued the final attestation report. Here's where we are and what's next.

Controls in place

Access management, encryption, change management, incident response, vendor management, vulnerability management, business continuity.

Independent audit

Engaged with a Big-4-adjacent CPA firm. Type I scheduled Q3 2026.

What you can get today

Security questionnaire (SIG-Lite), penetration test summary, and Type I bridge letter when issued.

Phase 1 — Readiness
completeQ1 2026
  • Trust Services Criteria mapped to platform controls
  • Security policies, IR plan, SDLC documented
  • Continuous monitoring tooling deployed
Phase 2 — Type I audit
in progressQ3 2026
  • Independent CPA firm engaged
  • Point-in-time control design review
  • Type I report available under NDA
Phase 3 — Type II observation
plannedQ4 2026 – Q2 2027
  • 6-month operating-effectiveness observation window
  • Quarterly evidence collection
  • Customer attestation letters available on request
Phase 4 — Type II report
plannedQ3 2027
  • Final SOC 2 Type II report issued
  • Bridge letters between annual reports
  • Continuous compliance maintained year-over-year
Need an attestation letter or bridge letter?
Available under NDA once Phase 2 closes. We can share current readiness evidence today.
Security controlsRequest evidence