
SOC 2 · Type II · annual

SOC 2 Type II.

DialPhone is SOC 2 Type II audited annually across four Trust Services Criteria. The full report is available to customers and qualified prospects under NDA.

SOC 2 is the baseline procurement checkbox most enterprise security reviews require. The distinction that matters: Type II versus Type I. Type I attests that controls were designed appropriately on a specific date; Type II attests that those controls operated effectively over a 6- to 12-month observation window. Type II is what mid-market and enterprise procurement teams expect, because it tests whether the program holds up day-to-day, not whether it looked good at audit time.

DialPhone audits annually against four of the five Trust Services Criteria: Security (the always-required core), Availability (which matters for any phone system where downtime equals dropped customer calls), Confidentiality (which matters for any platform handling sensitive customer conversations), and Processing Integrity (which matters for messaging and AI inference paths where data must arrive complete and uncorrupted). Privacy is covered separately via the GDPR and CCPA programs.

The audit is performed by an independent CPA firm with telecommunications and SaaS experience. The full report (typically 80-140 pages including subprocessor scope, control descriptions, and the auditor's opinion) is available under NDA to customers, qualified prospects in active procurement, and analyst firms. Request via sales. Executive summaries are shared with enterprise customers without NDA on request. For the broader compliance footprint across HIPAA, PCI-DSS, ISO 27001, and FINRA, see the Trust Center.

Trust Services Criteria

Four criteria covered

Get the report

Request access

Customers receive the report on request via the admin portal. Prospects receive it under NDA; contact sales or email [email protected].

SOC 2 FAQ

Can I get a copy of the SOC 2 report?

Yes, the full Type II report is available to customers and qualified prospects under NDA. Request via sales or [email protected].

Who audits DialPhone?

An independent AICPA-member CPA firm. The firm rotates per internal auditor independence requirements. The audit firm's name is disclosed in the report cover letter.

What period does the report cover?

Type II reports cover a 12-month operating period. The current report covers the calendar year ending December 31, 2025. The next audit period is in progress and completes in Q1 2027.

What if there are exceptions?

The audit process produces a Management Response Letter addressing any exceptions or control deviations. We publish our remediation plan inside the report. The most recent audit had zero material exceptions.

Is this SOC 2 Type I or Type II?

Type II. Type I only attests to control design at a point in time; Type II attests that controls operated effectively over a period (12 months). Type II is the standard for production SaaS.

Does the report cover HIPAA or GDPR?

SOC 2 is not a HIPAA or GDPR audit, but the Security and Confidentiality criteria support both. DialPhone also maintains a HIPAA compliance program (see HIPAA) and GDPR DPA (see GDPR).
