Last week, Laiye announced it had successfully achieved the Service Organization Control (SOC) 2 Type 1 compliance certification following an audit conducted by Ernst & Young Hua Ming LLP. The SOC 2 report has been awarded to Laiye’s entire end-to-end IA platform, which includes RPA, Conversational AI, and Intelligent Document Processing. The SOC 2 certification is globally recognized as the most authoritative and stringent data security audit standard. This attestation provides assurance to Laiye global customers that Laiye’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, and confidentiality.
Roughly one year ago, we reported that the flagship RPA vendor UiPath had successfully completed SOC 2 Type 2 examination for UiPath Automation Cloud in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA). As you can see, the two companies completed different types of the same certification. Let’s answer the question – what is the difference between SOC 2 Type 1 and Type 2?
SOC 2 Type 1 is different from Type 2 in that a Type 1 assesses the design of security processes at a specific point in time, while a Type 2 report assesses how effective those controls are over time by observing operations for six months. That means SOC 2 Type 2 Certification is more difficult to achieve. However, obtaining the SOC 2 Type 1 certification is truly a significant achievement for Laiye as it conveys its ongoing commitment to building a safe, secure, and reliable Intelligent Automation platform that will help its customers do better, and be better.