SOC 2

SOC 2 is an independent audit performed against the American Institute of Certified Public Accountants’ (AICPA) Trust Services Criteria. Open Doors maintains SOC 2 Type II coverage for the Trust Services Criteria of Security, Availability, and Confidentiality.

What SOC 2 covers

• Security — protection against unauthorised access, use, or modification.
• Availability — systems operate as committed and contract-agreed.
• Confidentiality — information designated as confidential is protected as agreed.

Our audit period runs annually. Type II reports cover design and operating effectiveness of controls over that period (not a point-in-time snapshot).

Accessing our SOC 2 report

SOC 2 reports contain sensitive details about our controls and infrastructure. They are released under NDA to customers, prospects, and partners with a legitimate business need. To request a copy:

• Email security@opendoors.ai from a business email.
• Include your company name, use case, and a signatory for the mutual NDA.
• We send the NDA, then the current SOC 2 Type II report upon execution. Usually within 2 business days.

Complementary user entity controls

The SOC 2 report lists controls you, the customer, are expected to implement for overall compliance to be effective — things like enforcing strong passwords, enabling 2FA, limiting administrator accounts, and reviewing audit logs. Treat them as a checklist when onboarding Open Doors.

Continuous monitoring

Between annual audits, we operate continuous-control monitoring, change management, vulnerability management, and access reviews. Evidence of each control is retained for the audit window and beyond.