SOC 2 COMPLIANCE

Last Reviewed: July 2025
Next Review Due: July 2026

Overview

System and Organization Controls 2 (SOC 2) is a widely recognized compliance standard developed by the American Institute of Certified Public Accountants (AICPA). It focuses on five core trust service criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. SOC 2 is intended to ensure that an organization’s systems keep customer data secure and available, especially for cloud-based and software-as-a-service (SaaS) providers.

For load balancing software vendors like RELIANOID, SOC 2 compliance has a direct impact on how products are engineered, deployed, and maintained. The focus on secure system design, continuous monitoring, incident response, and data integrity fits naturally with RELIANOID’s mission to provide resilient, high-performance load balancing solutions. Our technologies support customers in maintaining secure and compliant operations by offering features such as encryption, audit logging, failover capabilities, and robust access control mechanisms.

In this context, RELIANOID presents its official statement on SOC 2 compliance, detailed in the following sections, outlining how its load balancing technology supports the standard’s pillars of trust, security, and availability.

SOC 2 Alignment Statement

Trust Services Criteria for the RELIANOID Load Balancer and Organizational Operations

RELIANOID is aligned with SOC 2 Security principles and implements controls addressing all five Trust Services Criteria—Security, Availability, Confidentiality, Processing Integrity, and Privacy—across our Load Balancer solution and entire organization (development, support, delivery). Our software is deployed primarily on-premises, and also in cloud and hybrid environments; the same control set applies across all deployment models. We serve highly regulated sectors such as finance, healthcare, and government, as well as general enterprises.

Note: RELIANOID is not SOC 2 certified. The following describes our alignment to SOC 2 Trust Services Criteria, not a certification or attestation report.

Scope

  • System: RELIANOID Load Balancer (all editions)
  • Operations: Product engineering, release & delivery, customer support
  • Deployments: On-prem, cloud, and hybrid — one control baseline applied

Organizational Governance & Risk Management

Our governance framework maps to SOC 2 control areas (control environment, communication, risk assessment, monitoring):

  • Policies & Procedures: See Business Continuity & Disaster Recovery and Third-Party Risk Management.
  • Risk Management: Formal risk identification, assessment, and tracking with remediation plans integrated into product and ops backlogs.
  • Training & Awareness: Mandatory security training for all staff; role-based refreshers for engineers and support.

Data Security & Privacy

Operational Security Controls

RELIANOID maintains layered controls for prevention, detection, and response (logical access, system operations, change management):

  • Logging & Monitoring: Administrative and security events are logged with options to forward to customer SIEM; alerting and escalation paths defined.
  • Vulnerability Management: Weekly vulnerability scans for the load balancing software; quarterly security scans for public and internal services; tracked remediation SLAs.
  • Hardening: Secure-by-default configurations, least-privilege service accounts, network segmentation, and secure secrets handling.

Change & Release Management

  • Code Reviews: Mandatory peer review; every commit runs automated validation scripts for secure code.
  • Automated Testing: Security and functional tests integrated with OpenAPI-driven pipelines; regression gates on builds.
  • Release Integrity: Versioned releases, documented changes, and rollback procedures.

Incident Response & Service Levels

Incident handling processes and external communications align with SOC 2 expectations for security events and availability commitments:

Third-Party & Supply-Chain Risk

  • Vendor Oversight: Critical suppliers assessed per Third-Party Risk Management Policy, including SLAs and exit strategies.
  • Cloud & Hosting: Customers may deploy on their preferred infrastructure; guidance provided to align shared responsibilities.

Business Continuity & Disaster Recovery

  • BC/DR Program: Policies and testing as defined in BC/DR Policy.
  • Backups & Restoration: Periodic backups and restoration drills to meet availability and integrity objectives.

Trust Services Criteria (TSC) Alignment

Security (Common Criteria)

  • Logical access controls: RBAC, MFA for privileged access, network segmentation.
  • System operations: monitoring, alerting, vulnerability management, anti-abuse protections.
  • Change management: code reviews, automated security validation per commit, release approvals.

Availability

  • High-availability clustering and failover options (on-prem/cloud).
  • SLA for support and response times; capacity and health monitoring.
  • BC/DR plans with backup and restoration testing.

Confidentiality

  • Encryption in transit (TLS 1.3) and at rest (supported environments); key management guidance.
  • Data segregation practices per privacy policy; least-privilege access.
  • Secure configuration baselines and secret hygiene.

Processing Integrity

  • Automated pipeline tests (functional, regression) to ensure accurate and authorized processing.
  • Configuration validation and change tracking; integrity checks on releases.
  • Defined remediation SLAs for defects affecting correctness.

Privacy

  • Data Processing Agreement and global privacy controls (see DPA & Privacy Policy).
  • Data minimization and retention options for logs/telemetry.
  • Customer ownership and control over data flows and exports.

Final Statement

RELIANOID is committed to helping organizations meet the SOC 2 Trust Services Criteria by integrating robust security measures, operational resilience strategies, and compliance-driven best practices into our load balancing solutions.

Document Reviews

Date | Comment
30th July 2025 | Document creation

Contact and Assurance

We welcome requests for detailed security documentation, risk mapping matrices, or compliance disclosures.
