AI/ML companies get SOC 2 questionnaires the moment they sell to enterprises, plus new questions about how models handle customer data. We deliver SOC 2 readiness that speaks to both.
More context on this sector on our AI/ML industry page, and on the framework itself on our SOC 2 hub.
Tailored to AI/ML, delivered by a Toronto security and compliance team led by a published CVE researcher, with our partner Lorikeet Security where offensive testing is involved.
See the full SOC 2 service page, or productized pricing for fixed-scope engagements.
SOC 2 covers your control environment, including how you handle customer data in AI pipelines, but it is not an AI-specific audit. We often pair it with an AI/LLM security assessment for the model-layer risks.
They become vendors in your third-party risk process. We document the data you send them and the controls that govern it.
It documents your stated commitments and controls around data use. We help you make those commitments explicit and evidenced.
Book a free 30-minute discovery call. We will tell you whether this engagement fits, what it would cost, and when we could start.