// Vertical Depth / Security
SOC 2 Type II
readiness for
AI teams
Certified Evaluation System → Security control plane
We ship a full SOC 2 Type II control library for AI evaluation workflows—mapped evidence packages, automated control tests, and mission dashboards tuned for security and GRC teams.
Mission Control Kit
Pre-mapped control tests and evidence exports
Run Judge, Probe, Monitor, and Attest as required controls for CC9.2, CC1.2, and CC7.x. Export every run into your auditor’s preferred format with cryptographic signatures.
Daily control status dashboard with traffic-light signals
Evidence locker exports: PDF narrative + signed JSON + chain-of-custody logs
Auto-response hooks: block promotion, quarantine models, notify CISO
Control Mapping Snapshot
Live syncedJudge
SOC 2 CC9.2, ISO/IEC 42001 §8.5
Evaluation scorecards, sign-off trail
Probe
SOC 2 CC7.4, NIST AI RMF Manage
Adversarial runbook, mitigation ledger
Monitor
SOC 2 CC7.2, ISO/IEC 27001 A.12.6
Telemetry traces, incident reports
Attest
SOC 2 CC1.2, CC1.3
Signed release certificates
Certifications
Independently audited
and certified
SOC 2 Type II
AICPA Certified
Annual SOC 2 Type II attestation covering security, availability, processing integrity, confidentiality, and privacy trust service criteria.
Report available under NDA
ISO 27001
Certified
ISO 27001:2022 certification for information security management systems (ISMS), validated by accredited external auditors.
Certificate ID: ISO27001-2025-EO
Additional Compliance
GDPR
EU General Data Protection Regulation compliant
CCPA
California Consumer Privacy Act compliant
HIPAA
Business Associate Agreement available
Data Protection
Your data never
leaves your control
On-Premises & VPC Deployment
Deploy EvalOps entirely within your infrastructure. All evaluation data, models, datasets, and sensitive information remain under your complete control. Only cryptographic hashes and signatures are transmitted for certificate generation.
Zero Data Exfiltration Architecture
Our architecture is designed to never extract raw evaluation data, prompts, completions, or model artifacts from your environment. Verification occurs via cryptographic proofs, not data transfer.
End-to-End Encryption
TLS 1.3 with perfect forward secrecy for all communication. AES-256 encryption at rest for all stored evaluation records. Hardware security module (HSM) integration for cryptographic key management.
Security Operations
Continuous monitoring
and testing
Penetration Testing
Annual third-party penetration testing by certified security firms. Quarterly internal security assessments and vulnerability scanning.
Last assessment: Q4 2024
Security Monitoring
24/7 security operations center (SOC) monitoring, automated threat detection, and incident response procedures with defined SLAs.
MTTR: < 1 hour critical
Access Controls
Role-based access control (RBAC), multi-factor authentication (MFA) required for all access, zero-trust network architecture with least-privilege principles.
SSO integration available
Audit Logging
Comprehensive audit trails for all system access and operations. Immutable logs with cryptographic integrity verification. Retained for 7 years minimum.
SIEM integration supported
Incident Response
Prepared for security
incidents
EvalOps maintains a comprehensive incident response plan with defined escalation procedures, communication protocols, and recovery objectives.
Dedicated security incident response team available 24/7
Customer notification within 24 hours of confirmed incidents
Post-incident reviews and remediation reports provided
Security Contact