soc 2 certified
Your Data. Our Responsibility.
We build digital products for brands that trust us with their biggest ideas.
That trust starts with how we protect what matters most.
What Is SOC 2 Certified?
Being SOC 2 Certified is a rigorous auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It evaluates how a company protects customer data across five trust principles. It’s not a checkbox exercise. It’s an independent, third-party validation that our security practices, policies, and operations meet enterprise-grade standards.
Southern Made has achieved SOC 2 certified compliance, independently audited by Prescient Assurance, a leading security and compliance firm for B2B and SaaS companies worldwide. Our audit resulted in no significant findings.
🛡️
Security
⚡
Availability
⚙️
Processing Integrity
🔒
Confidential
👁️
Privacy
What This Means for You
When you hand us a project, you’re handing us access to your brand, your users, and often your infrastructure. SOC 2 certification means we’ve proven (not just promised) that we handle that access with the discipline it deserves.
Every system we touch, every line of code we write, every piece of data that passes through our hands is governed by audited security controls. Not because a contract says so. Because it’s how we operate.
How We Protect Your Work
Security isn’t a department at Southern Made. It’s a mindset that runs through everything we do, from how we hire to how we ship code.
👥 Vetted People
Every team member undergoes background checks before they touch a project. NDAs are standard. Security training isn’t optional, it’s ongoing and covers the latest attack vectors.
💻 Secure Development
We follow secure development lifecycle principles on every project. Design reviews bake in security requirements from the start. Our teams train annually on secure coding practices aligned with OWASP Top 10.
🛡️ Continuous Testing
We run third-party penetration testing and vulnerability scans on all production systems. Static and dynamic application security testing is built into our development pipeline, not bolted on after the fact.
☁️ Cloud Security
Customer data is isolated with dedicated trust zones and unique encryption keys. All data is encrypted at rest and in transit. We enforce role-based access controls and the principle of least privilege across the board.
👁️ Monitoring & Response
Our platform is continuously monitored by trained security professionals. We don’t wait for something to go wrong. We watch, we test, and we respond before issues become incidents.
📋 Access & Documentation
Access is granted on a need-to-know basis and reviewed regularly. Every policy, every procedure, every control is documented, maintained, and audit-ready at all times.
Common Questions
Can I see the full SOC 2 report?
Full SOC 2 reports contain sensitive details about our internal systems. You can review our public-facing security posture at our Trust Center, or reach out directly if you need the detailed report under NDA for procurement or compliance review.
What’s the difference between Type 1 and Type 2?
Type 1 is a snapshot, it confirms that security controls are properly designed at a specific point in time. Type 2 goes further, it validates that those controls are operating effectively over an extended period. Southern Made has achieved Type 1 and is actively pursuing Type 2 to demonstrate sustained operational effectiveness.
Who audits Southern Made?
We’re audited by Prescient Assurance, a registered public accounting firm in the US and Canada that specializes in security and compliance attestation for B2B and SaaS companies. They don’t just check boxes. They put our systems through the rigor they deserve.
Does SOC 2 cover the work you do for clients?
Yes. Our SOC 2 audit covers the systems, processes, and practices we use to build and deliver client projects. That means the same security standards that protect our infrastructure also protect your work while it’s in our hands.
Security Questions? Let’s Talk.
We’re an open book when it comes to how we protect your data. Visit our Trust Center or get in touch, we’re happy to walk through our practices.