Book a demo

Book a demo

Announcements

Nov 26, 2025

Normain has completed a SOC Type 2 examination for information security

Normain has reached a new milestone in information security.

We have successfully completed a SOC 2 Type 2 examination and received a SOC 2 Type 2 report.

This is one of the most widely recognized ways to evaluate information security controls. It’s earned through a rigorous third-party audit process that tests how well our security controls work over time in real operating conditions.

Understanding SOC 2

SOC 2 is a compliance framework created by the AICPA (the American Institute of Certified Public Accountants) to assess an organization’s information security practices. It examines how well security controls protect customer data across both technical systems and day to day operations.

Becoming SOC 2 Type 2 assessed means our security controls have been examined over an extended period by an independent, AICPA-accredited auditor.

What Normain’s SOC 2 Type 2 report covers

Our SOC 2 Type 2 report focuses on the Security (Common Criteria) category. Security is the core of SOC 2 and centers on protecting systems and data against unauthorized access, misuse, and disclosure across both technical systems and everyday operations.

Here’s what the Security criteria covers:

  • Control environment: We establish an organizational foundation that prioritizes integrity, accountability, and security.

  • Communication and information: We document our security policies and communicate clear expectations for handling data internally and externally.

  • Risk assessment: We identify, analyze, and assess security risks on an ongoing basis.

  • Monitoring controls: We continuously monitor our systems and confirm that security controls operate effectively.

  • Control activities: We implement processes and technologies that reduce security risk and enforce our policies.

  • Logical and physical access controls: We prevent unauthorized access to data, devices, systems, and facilities.

  • System operations: We maintain secure operations through monitoring, incident response readiness, and recovery planning.

  • Change management: We review, test, and approve system changes before deployment to protect stability and security.

  • Risk mitigation: We manage and reduce third party risk through vendor oversight and access controls.

Completing a Type 2 examination for Security shows that our core security controls are not only thoughtfully designed, but have been operating effectively throughout the audit period under real conditions.

Why this matters

In modern software, trust is everything.

A SOC 2 Type 2 report is not just a checkbox. It is one of the strongest signals a company can give about how seriously it treats security.

For you, this means:

  • Your data is protected. Our protections have been tested over months and shown to operate effectively in real conditions.


  • Your workflows are secure. We meet a widely accepted standard for handling sensitive data


  • Your trust is verified. An independent, AICPA-accredited auditor has evaluated our controls against defined criteria.

This milestone reinforces the trust teams already place in Normain to handle sensitive, high stakes workflows.

Why we are proud

Strong security has always been non-negotiable at Normain.

This SOC 2 Type 2 report shows that our controls don’t just exist on paper, they work day in and day out under real conditions.  It also complements our ISO 27001 work and reinforces our continued dedication to protecting customer data.

Few companies earn this level of verification this early, and it’s a milestone that will matter for every customer choosing to trust us with their data.

For more on how we protect your data, visit our Trust Center: https://trust.normain.com/

Why I decided to join Normain as Founding Engineer - Max Netterberg ›