We are proud to announce that Ferentin has achieved SOC 2 Type II certification, independently validating that our security controls meet the highest standards, not just at a point in time, but sustained over an extended audit period.
For a company whose mission is to secure enterprise AI, this milestone matters. It means an independent auditor has verified that the controls we use to protect your data, govern access, and maintain system availability work as designed, consistently, over time.
What is SOC 2 Type II?
SOC 2 (System and Organization Controls 2) is an auditing framework developed by the AICPA that evaluates how organizations manage customer data. There are two types:
- Type I evaluates controls at a single point in time, a snapshot.
- Type II evaluates controls over an extended period (typically 6 to 12 months), proving that security practices are sustained and operational, not just documented.
Type II is the gold standard for enterprise SaaS vendors. It tells your security and procurement teams that our controls have been tested, monitored, and validated continuously.
What the audit covers
Our SOC 2 Type II report covers the Trust Services Criteria most relevant to AI infrastructure:
- Security. Protection against unauthorized access across our LLM gateway, MCP server proxy, and management plane. This includes identity-based access controls, encryption in transit and at rest, and network segmentation.
- Availability. Our infrastructure meets defined SLAs with redundancy, monitoring, and incident response procedures.
- Confidentiality. Customer data, API keys, and LLM interactions are protected with tenant isolation and strict access policies. Your data never leaves your trust boundary.
Why this matters for AI security
Most AI platforms today are racing to ship features. Security and compliance are afterthoughts, bolted on later, if at all. Ferentin was built differently. Identity-centric, Zero Trust access to LLMs and AI tools is not a feature we added; it is the product.
SOC 2 Type II certification validates this approach:
- Every LLM request is authenticated and authorized. Our gateway enforces identity-based policies before any prompt reaches a model provider.
- Every interaction is logged. Complete audit trails for compliance, forensics, and governance.
- Your keys, your boundary. Bring your own API keys, choose your data residency, and maintain full control over what leaves your environment.
For security teams evaluating AI platforms, SOC 2 Type II is the baseline. We are glad to meet it, and we are building toward more.
How to access our SOC 2 report
Our SOC 2 Type II report is available to customers and prospects under NDA through our Trust Center. You can request a copy directly from the portal, no sales call required.
The Trust Center also provides real-time information about our security posture, sub-processors, and compliance documentation.
Independent vulnerability assessment
Alongside SOC 2 Type II, we completed a comprehensive Vulnerability Assessment and Penetration Testing (VAPT) engagement conducted by an independent security firm. The assessment covered our entire attack surface, including API endpoints, authentication flows, tenant isolation, and infrastructure, and confirmed that our platform meets enterprise security standards with no critical or high-severity findings.
The VAPT report is available alongside our SOC 2 report through the Trust Center.
What comes next
SOC 2 Type II and VAPT are important milestones, but they are not the finish line. We are continuing to invest in compliance and security programs that enterprise customers expect, including expanded certifications and deeper controls around AI-specific risks.
If you have questions about our security practices or want to review our SOC 2 report, visit trust.ferentin.com or contact our team.