Trust & Compliance

Adjusted has received its
SOC 2® Type II report

Our System and Organization Controls (SOC) for Service Organizations examination was completed by an independent CPA firm, verifying the security, availability, and confidentiality of our platform — the controls your clients' most sensitive claims data depends on.

AICPA SOC 2 for Service Organizations seal

Independently examined by a licensed CPA firm. Learn about SOC examinations

Trust service criteria

Controls examined across three criteria

The SOC 2® examination verified controls across the categories that matter most for a platform handling sensitive insurance claims data.

Security

System resources are protected against unauthorized access. Controls include access management, network perimeter security, encryption in transit and at rest, and intrusion detection.

CC criteria

Availability

The system is available for operation and use as committed. Controls cover infrastructure redundancy, incident response, disaster recovery, and uptime monitoring.

A criteria

Confidentiality

Information designated as confidential is protected as committed. This covers data handling policies, logical access controls, and multi-tenant data isolation across customer accounts.

C criteria

What it means for your firm

Independent verification you can share with clients

Adjusted received its SOC 2® Type II report on the organization's controls relevant to security, availability, and confidentiality. The examination covered a defined period of time — not just a point-in-time snapshot — meaning our controls were tested continuously and found to be operating effectively throughout.

For public adjusters, law firms, TPAs, and restoration contractors, this report provides the independent third-party evidence that enterprise clients, carriers, and legal counterparties increasingly require before onboarding a SaaS vendor into their claims workflow.

Unlike a questionnaire or self-assessment, a SOC 2® examination is performed by a licensed CPA firm under standards set by the American Institute of Certified Public Accountants (AICPA). The report package can be shared under NDA with your own clients, counsel, or IT security reviewers.

Type II — not Type I

Controls were tested over the full audit period, not just evaluated on paper. This is the stronger standard requested by enterprise procurement teams.

Annual renewal required

Per AICPA guidelines, Adjusted must complete a new examination every 12 months to continue displaying the SOC for Service Organizations mark.

Multi-tenant data isolation

Every customer's claims data is isolated at the account level. No cross-tenant data access is possible by design — verified through the examination.

Self-serve trust center

The full SOC 2® report package and supporting documentation are available on-demand at trust.deltaclaims.ai — no waiting on a sales reply.

How we got here

The controls that went under the microscope

Our examination covered common criteria across logical and physical access, system operations, change management, and risk management — alongside availability and confidentiality-specific controls.

CC 6.0
Logical access
Auth0-based authentication, RBAC, MFA enforcement, and automated access reviews across AWS and MongoDB Atlas.
CC 7.0
System operations
CloudWatch monitoring, GuardDuty threat detection, anomaly alerting, and incident response runbooks.
CC 8.0
Change management
Pull-request gating, mandatory code review, automated CI/CD pipelines, and deployment approval workflows.
CC 9.0
Risk management
Annual risk assessments, vendor security reviews, and vulnerability management with defined SLAs.
A 1.0
Infrastructure availability
AWS multi-AZ deployment, automated failover, and disaster recovery exercised through documented tabletop testing.
C 1.0
Confidential data
Per-customer data isolation, encryption at rest via AWS KMS CMK, and data retention and disposal policies.

Get the documentation

Request the full SOC 2® report

Enterprise customers, carriers, and legal counterparties can request the full report package through our Vanta-powered trust center. Access is self-serve — no waiting on a reply. The portal also surfaces our security policies, pen test summaries, and compliance documentation in one place.

Visit trust.deltaclaims.ai