Security, Compliance & Assurance

Independent standards. Verifiable controls.

 

Book a demo
Get in touch

Security and Compliance You Can Verify

Assai is committed to maintaining a mature, transparent, and demonstrable security and compliance posture for its SaaS platform.

 

We support organizations that manage sensitive engineering and asset information, operate in regulated environments, and require clear assurance of vendor security maturity. Our compliance framework is built on internationally recognized standards and independent assessments, not self-asserted claims.

Our Compliance Framework

Assai adheres to a SOC 2 Type II Attestation report, providing assurance over the design and operating effectiveness of security controls over time.

SOC 2 is an internationally recognized standard developed by the American Institute of Certified Public Accountants (AICPA). It evaluates services provided by a service organization so that customers can assess and address risks associated with outsourced cloud services.

Assai’s SOC 2 assessment covers the following Trust Services Criteria:

Security

Protection of systems and data against unauthorized access

Availability

Systems are accessible and operational as committed

Confidentiality

Restriction of access to sensitive systems and data

SOC 2 adapts to the nature and needs of each organization. Assai has designed its controls to reflect the risks and requirements associated with cloud-based document and data management in engineering-driven environments.

Transparency Through CSA STAR​

In addition to formal attestations, Assai publishes its cloud security controls in the Cloud Security Alliance (CSA) STAR Registry – Level 1.

The CSA is a globally recognized, industry-led organization that defines best-practice security controls for cloud services. The STAR Registry enables customers to assess cloud providers using a standardized, independent framework rather than relying solely on vendor statements.

Assai’s CSA STAR disclosures cover:

By making these controls publicly available, customers and partners can clearly understand how Assai governs security, risk management, and compliance across its SaaS platform.

SOC 2 Type I vs. Type II​

There are two types of SOC 2 reports:

  • Type I
    Assesses whether controls are suitably designed at a specific point in time.
  • Type II
    Assesses whether those controls operate effectively over a defined period.

Assai has obtained a SOC 2 Type II Attestation, providing a higher level of assurance through continuous operational validation.