Docmosis Achieves SOC 2 Type 1 Compliance

7 October 2025

We’re proud to announce that Docmosis has successfully achieved SOC 2 Type I compliance, providing independent assurance of the security of the Docmosis Cloud document generation service.

This recognition validates that the security-first approach that has guided Docmosis from the outset meets the rigorous SOC 2 standard.

A Strong Foundation

Docmosis Cloud Service was designed from the start with security as a core focus. Data and generated documents are automatically and immediately deleted after processing, removing most typical security concerns from the outset.

Building on that foundation, we have continually developed our systems and procedures to align with industry best practices, including:

  • All communication forced over encrypted HTTPS channels
  • Artefacts (templates, images) stored encrypted at rest
  • Self-managed passwords and API keys with audit logging
  • Strict role-based access and two-factor authentication for staff
  • Hosting entirely on secure AWS infrastructure
  • 24/7 availability monitoring, resilience planning, and regular third-party penetration testing

The process formalized and extended these and other well-established practices and policies into a documented, auditable framework. This work consolidated years of security-driven design choices into defined policies, mapped controls to objectives, and provided the evidence needed to demonstrate compliance with the SOC 2 Trust Services Criteria.

What the Audit Involves

An independent auditor examined the design of our controls across key areas:

  • Infrastructure security
  • Organizational security
  • Product security
  • Internal security procedures
  • Data and Privacy

The audit concluded that our controls are suitably designed to provide reasonable assurance as of the audit date, confirming that the systems, policies, and safeguards we’ve built are robust and reliable.

What’s Next

The Docmosis team is now preparing for the SOC 2 Type II assessment, which will evaluate the operational effectiveness of the controls over a multi-month period. This next phase will focus on ongoing monitoring, rapid resolution of any issues and continual improvement of our security posture.

The SOC 2 Type I report is available on request via the Docmosis Trust Portal.