SOC 2 Compliance

Clerk.io is committed to maintaining robust security controls aligned with the SOC 2 Type II Trust Services Criteria (TSC) for Security, Availability, Confidentiality, Processing Integrity, and Privacy. While formal attestation is pending, our internal controls and monitoring processes are designed to meet every applicable criterion, ensuring the protection and reliability of our services.

This section collects all artefacts that form part of our SOC 2 program. Each policy or procedure is maintained in its own document for clarity and version-control purposes.

Core Artefacts

• System Description – Boundaries, components, and data flows of the Clerk.io platform
• Trust Services Criteria Mapping – Narrative of how Clerk.io satisfies each TSC
• Controls Matrix – Spreadsheet-style mapping of controls to criteria and evidence

Key Policies & Procedures

• Access Control Policy
• Asset & Configuration Management Policy
• Change Management Policy
• Vulnerability & Patch Management Policy
• Incident Response Plan
• Business Continuity & Disaster Recovery Plan
• Physical & Environmental Security Policy
• Workforce & HR Security Policy
• Vendor Management Policy
• Risk Management Policy
• Encryption & Key Management Policy
• Logging & Monitoring Policy

Where a control is already documented under our ISO 27001 program, we reference the same control rather than duplicating content.