SOC 2 Compliance
ATHENA is pursuing a SOC 2 Type I attestation report, targeted for Q2 2026, with a Type II report planned for Q4 2026. SOC 2 is an attestation issued by an independent CPA firm against the AICPA Trust Services Criteria, not a certification; the statuses below are ATHENA's own pre-audit assessment, not auditor findings.
Current Status

| Report | Status | Target |
|---|---|---|
| SOC 2 Type I | In progress | Q2 2026 |
| SOC 2 Type II | Planned | Q4 2026 |
Trust Service Categories

Security ✅
Protection against unauthorized access

| Control | Status | Implementation |
|---|---|---|
| Access control | ✅ | API key auth, bcrypt |
| Encryption | ✅ | TLS 1.3, AES-256 |
| Network security | ✅ | Firewall, rate limiting |
| Vulnerability management | ✅ | npm audit, Dependabot |

Availability ✅
System operates as committed

| Control | Status | Implementation |
|---|---|---|
| Uptime SLA | ✅ | 99.5% (99.9% Enterprise) |
| Monitoring | ✅ | APM, health checks |
| Incident response | ✅ | Documented plan |
| Disaster recovery | ✅ | Multi-region backup |

Confidentiality ✅
Information designated as confidential is protected

| Control | Status | Implementation |
|---|---|---|
| Data classification | ✅ | 4-tier system |
| Multi-tenant isolation | ✅ | Row-level security |
| Encryption at rest | ✅ | AES-256 |
| Access logging | ✅ | Complete audit trail |

Processing Integrity ⏳
System processing is complete, valid, accurate, and authorized

| Control | Status | Implementation |
|---|---|---|
| Input validation | ✅ | Zod schemas |
| Error handling | ✅ | Error boundaries |
| Data accuracy | ⏳ | In progress |
| Audit trail | ✅ | All actions logged |

Privacy ⏳
Personal information is collected, used, and retained appropriately

| Control | Status | Implementation |
|---|---|---|
| GDPR compliance | ⏳ | In progress |
| Data retention | ✅ | 2-year default |
| Data deletion | ✅ | API available |
| Privacy policy | ✅ | Published |
What We Already Have
Access Control
API key authentication (bcrypt hashed)
Role-based access control
Multi-tenant isolation (RLS)
Audit Logging
All API requests logged
Authentication attempts tracked
Admin actions recorded
Data Encryption
TLS 1.3 in transit
AES-256 at rest
Webhook signatures (HMAC-SHA256)
Change Management
Anchor ADRs (91 decisions tracked)
Git version control
CI/CD automation
Monitoring
APM metrics
Health checks
Error tracking
What We're Building
Q1 2026
Formal security policy document
Access review process (quarterly)
Vendor management documentation
Q2 2026
SOC 2 Type I audit
Penetration testing
Business continuity plan
Q4 2026
SOC 2 Type II audit (6-month observation period)
ISO 27001 preparation
Enterprise Requests
Need assurance before the SOC 2 report is issued?
Bridge Letter: Available on request (a bridge letter covers the period after a report's end date, so it applies once the Type I report has been issued)
Security Questionnaire: Pre-filled responses available
Custom Audit: Contact [email protected]
Contact
Compliance Team: [email protected]