Ory is SOC 2 Type 2 certified

Ory recently announced the completion of our latest SOC 2 examination.

Here’s what that means for you:

A SOC 2 report provides an avenue for current and potential stakeholders to assess risk by giving them a closer look at the policies and procedures put in place to ensure the organization’s services are provided safely and reliably.

In our case, that includes:

• Security: The system is protected against unauthorized access (both physical and logical).

• Availability: The system is available for operation and use as committed or agreed.

• Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.

• Confidentiality: Information designated as confidential is protected as committed or agreed.

• Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.

SOC 2 Type 2 reports examine controls over a period of time, usually between three and 12 months, and include both a list of the controls tested as well as the auditor’s test results. The reporting period for Ory’s latest SOC 2 report spanned from 01.06.2023 to 31.08.2023.

Current and prospective customers interested in obtaining a copy of Ory’s latest SOC 2 report may contact our security team at security@ory.sh.
Our auditing partner, BARR Advisory, has provided a detailed breakdown on how to read a SOC 2 report.