SOC 2 Compliance
QRZone maintains SOC 2 Type II compliance, independently audited against the AICPA Trust Service Criteria.
Last updated: February 2026
1. SOC 2 Type II Certification
QRZone has achieved SOC 2 Type II certification, which evaluates our security controls over an extended period (minimum 6 months). Our most recent audit covers the Trust Service Criteria for Security, Availability, and Confidentiality.
2. Trust Service Criteria
- Security: Protection against unauthorized access through firewalls, intrusion detection, multi-factor authentication, and encryption at rest and in transit.
- Availability: 99.99% uptime SLA backed by multi-region infrastructure, automated failover, and continuous monitoring.
- Confidentiality: Data classification, access controls, encryption, and secure disposal procedures to protect confidential information.
3. Audit Scope
Our SOC 2 audit covers the entire QRZone platform including the API, dashboard, analytics pipeline, scan infrastructure, and internal administrative systems. The audit is conducted annually by an independent AICPA-accredited firm.
4. Key Controls
- Change management with peer review and automated testing
- Vulnerability scanning and annual penetration testing
- Employee background checks and security training
- Incident response plan with defined escalation procedures
- Vendor risk management and sub-processor oversight
- Business continuity and disaster recovery testing
5. Requesting the Report
SOC 2 reports are available to customers and prospects under NDA. Contact security@qrzone.io to request a copy of our latest SOC 2 Type II report.
6. Continuous Compliance
QRZone maintains continuous compliance through automated control monitoring, regular internal audits, and a dedicated compliance team that tracks changes against SOC 2 requirements in real time.
7. Contact
For SOC 2-related inquiries, contact our security team at security@qrzone.io or through our contact page.