SOC 2 Type 1 certification is proof that we were already doing things the right way — this just makes it official. It’s a recognised industry standard, so if you work in finance, healthcare, or any regulated field, it’s a clear signal that you can trust us with your data.

Security’s always been a priority at Testpad. Getting SOC 2 didn’t change that — it just meant putting our existing processes under the microscope and having them checked off by independent experts. This is Type 1, which means everything was in place and working on the day of the audit. Next up is Type 2 — proof that we keep it up over time, not just on paper.

SOC 2 is a security standard

In simple terms, SOC 2 (System and Organization Controls 2) is a security standard developed by the American Institute of CPAs (AICPA). It was created specifically to help organizations verify their security practices and reduce the risk of security breaches in our increasingly digital world. For Testpad, that means an independent audit confirmed we’re doing the right things to keep your information safe.

Unlike certifications that focus just on tech infrastructure, SOC 2 looks at the big picture by evaluating organizations across five key Trust Service Criteria:

1. Security: Protection against unauthorized access

2. Availability: Systems are operational and accessible as committed

3. Processing Integrity: System processing is complete, accurate, and authorized

4. Confidentiality: Information designated as confidential is protected

5. Privacy: Personal information is collected, used, and retained appropriately

Our SOC 2 certification specifically covers the Security criterion, which is the foundation of any robust data protection strategy.

We’re a modern, cloud-based service with a remote team, so our security focus looks a little different from traditional, office-based setups. Our SOC 2 controls are designed for today’s challenges — things like access to software, securing employee devices, and protecting cloud infrastructure. In short: the stuff that actually matters when your data lives online.

If your company needs vendors that meet recognized security standards (think finance, healthcare, or anything highly regulated), our SOC 2 certification helps tick that box with confidence.

Big certification, small team that cares

At Testpad, we don’t have a big compliance department. We’re a small team, so we adapted SOC 2 principles to fit the way we actually work by defining clear roles and checks without unnecessary complexity.

While we might wear multiple hats in our day-to-day operations, SOC 2 requires clear separation of duties, which we have covered. Each role is defined, and the right checks are in place, without slowing us down.

We didn’t just tick boxes to meet requirements. We embedded security practices directly into our existing workflows, so they’re practical, sustainable, and genuinely part of how we work, rather than just written down for the audit.

For you, that means tighter processes and a team that personally stands behind keeping your data safe. It’s not just a task on someone's checklist but something every team member owns.

We’re backed by experts you can trust

We chose proven experts to ensure our security controls meet the highest standards, so you don’t have to just take our word for it.

We partnered with Vanta, a leading security and compliance platform, to help automate monitoring and streamline documentation. Vanta has a handy, in-depth guide on the ins and outs of SOC 2 security that you can read if you’re interested.

Our audit was performed by Prescient Assurance, specialists in security assessments for tech companies, giving you independent confirmation that your data is protected.They checked our systems, our processes, our documentation — the works. And they confirmed that Testpad meets SOC 2 Type 1 standards.

Strengthening what we were already doing

SOC 2 didn’t force us to start caring about security — it gave independent confirmation of protections we already had in place. You’re trusting a platform where security isn’t an afterthought, but something that has been baked in from day one.

Beyond SOC 2: Our bigger security picture

SOC 2 is a major milestone, but it’s just one part of our broader security commitment.

We've also recently updated our Security and Compliance page to give you more transparency on:

• Data encryption (in transit and at rest)
• Access controls and role-based permissions
• Vulnerability scanning and proactive patching
• Incident response plans (for the "just in case" moments)

Security isn’t a one-and-done. It’s an ongoing part of how we build and operate Testpad.

What's next

Next up is Type 2 certification, which shows we’re not just secure on paper but in practice over time. And we’re already working on it. We’ll keep evolving and improving our security practices while we continue to make security clear and accessible

If you have any questions about our SOC 2 certification, or want more details about our approach to security, get in touch at support@testpad.com. We’re always happy to chat.

If you liked this article, consider sharing