SOC 2 Compliance

ATHENA is pursuing SOC 2 Type I certification, with Type II planned for 2026.

Current Status

Certification

Status

Expected

SOC 2 Type I

In Progress

Q2 2026

SOC 2 Type II

Planned

Q4 2026

Trust Service Categories

Security ✅

Protection against unauthorized access

Control

Status

Implementation

Access control

✅

API key auth, bcrypt

Encryption

✅

TLS 1.3, AES-256

Network security

✅

Firewall, rate limiting

Vulnerability management

✅

npm audit, Dependabot

Availability ✅

System operates as committed

Control

Status

Implementation

Uptime SLA

✅

99.5% (99.9% Enterprise)

Monitoring

✅

APM, health checks

Incident response

✅

Documented plan

Disaster recovery

✅

Multi-region backup

Confidentiality ✅

Information designated as confidential is protected

Control

Status

Implementation

Data classification

✅

4-tier system

Multi-tenant isolation

✅

Row-level security

Encryption at rest

✅

AES-256

Access logging

✅

Complete audit trail

Processing Integrity ⏳

System processing is complete, valid, accurate, and authorized

Control

Status

Implementation

Input validation

✅

Zod schemas

Error handling

✅

Error boundaries

Data accuracy

⏳

In progress

Audit trail

✅

All actions logged

Privacy ⏳

Personal information is collected, used, and retained appropriately

Control

Status

Implementation

GDPR compliance

⏳

In progress

Data retention

✅

2-year default

Data deletion

✅

API available

✅

Published

What We Already Have

Access Control

API key authentication (bcrypt hashed)
Role-based access control
Multi-tenant isolation (RLS)

Audit Logging

All API requests logged
Authentication attempts tracked
Admin actions recorded

Data Encryption

TLS 1.3 in transit
AES-256 at rest
Webhook signatures (HMAC-SHA256)

Change Management

Anchor ADRs (91 decisions tracked)
Git version control
CI/CD automation

Monitoring

APM metrics
Health checks
Error tracking

What We're Building

Q1 2026

Formal security policy document
Access review process (quarterly)
Vendor management documentation

Q2 2026

SOC 2 Type I audit
Penetration testing
Business continuity plan

Q4 2026

SOC 2 Type II audit (6-month observation)
ISO 27001 preparation

Enterprise Requests

Need a SOC 2 report before certification?

Bridge Letter: Available on request

Security Questionnaire: Pre-filled responses available

Custom Audit: Contact [email protected]

Contact

Compliance Team: [email protected]

Next: Error Handling

PreviousMulti-Tenant Isolation NextError Handling

Last updated 1 month ago

Good morning

hashtagCurrent Status

hashtagTrust Service Categories

hashtagSecurity ✅

hashtagAvailability ✅

hashtagConfidentiality ✅

hashtagProcessing Integrity ⏳

hashtagPrivacy ⏳

hashtagWhat We Already Have

hashtagAccess Control

hashtagAudit Logging

hashtagData Encryption

hashtagChange Management

hashtagMonitoring

hashtagWhat We're Building

hashtagQ1 2026

hashtagQ2 2026

hashtagQ4 2026

hashtagEnterprise Requests

hashtagContact

Current Status

Trust Service Categories

Security ✅

Availability ✅

Confidentiality ✅

Processing Integrity ⏳

Privacy ⏳

What We Already Have

Access Control

Audit Logging

Data Encryption

Change Management

Monitoring

What We're Building

Q1 2026

Q2 2026

Q4 2026

Enterprise Requests

Contact