We have some news we are proud to share.
Avvanz is now SOC 2 Type II attested — joining ISO 27001 and ISO 27701 to become one of the very few background screening companies in the world to hold all three independently audited data trust frameworks simultaneously.
This achievement, which we call the Triple Crown of data trust, delivers specific, practical benefits to every organisation that relies on us for its hiring data. These benefits include reduced vendor onboarding time, as enterprise clients with strict security requirements can accelerate due diligence with immediate access to our security documentation. Our independently attested data protection controls also simplify audits and regulatory checks, removing the need for additional assessments or multiple assurance reports. Ultimately, Avvanz makes it easier for your teams to work confidently and efficiently, with fewer administrative hurdles and stronger data trust throughout your organisation.
What We Now Hold
ISO 27001 — The international gold standard for information security management. Independently certified.
ISO 27701 — A dedicated privacy management framework — GDPR, PDPA, and Privacy Act ready. Independently certified.
SOC 2 Type II attested — Independent proof that our security controls operated effectively 24/7/365 — not just on audit day. Independently attested by a CPA firm.
What SOC 2 Type II Actually Means — and Why Type II Matters
SOC 2 is an attestation framework developed by the American Institute of Certified Public Accountants (AICPA). There are two types.
SOC 2 Type I confirms that security controls are designed correctly at a single point in time.
SOC 2 Type II goes further. It confirms that those controls operated effectively across an extended observation period — typically 6 to 12 months — under continuous independent review by a CPA firm.
Type II is the standard that enterprise security and procurement teams actually require. It is the difference between a provider that is prepared for an audit date and one that is audit-ready every day.
Avvanz is SOC 2 Type II attested. That means our controls for protecting client data, including access management, encryption, incident response, change management, and vendor oversight, were tested and verified as working as intended every day throughout the observation period. No exceptions. No audit-day theatre. We are committed to maintaining this level of assurance and will renew our SOC 2 Type II attested status every 12 months, ensuring our controls remain effective and up to date year after year.
What This Means for You
Faster onboarding if you have strict security requirements. Enterprise clients in financial services, healthcare, government contracting, and other regulated sectors often require SOC 2 Type II before approving a data processor. That requirement is now met. Your InfoSec and procurement teams have the documentation they need.
One provider for all three frameworks. ISO 27001 covers how we protect information. ISO 27701 covers how we manage privacy across GDPR, PDPA, the Australian Privacy Act, and other major frameworks. SOC 2 Type II independently verifies that both are working. You do not need to evaluate three separate assurance documents from three different providers. It is all Avvanz.
Confidence across 150+ countries. The Triple Crown ensures that data security and privacy management are independently verified across our entire operation. Our SOC 2 Type II attested scope covers all core background screening services delivered from our principal processing centres, including those provided to clients in the Americas, EMEA, and Asia-Pacific regions. Please note that services or processing provided by local affiliates or partners in certain jurisdictions may fall outside the current attestation scope. For detailed scope information or jurisdiction-specific queries, please contact our Trust Centre team.
A Note on Terminology
SOC 2 is an attestation, not a certification — and we describe it accurately. The correct term is 'SOC 2 Type II attested.' We follow the AICPA's usage guidelines precisely, including displaying the official SOC 2 attestation badge only in approved locations and linking to the AICPA's SOC information page.
See It for Yourself
Our Trust Centre provides access to our SOC 2 Type II report (available to clients and qualified prospects under NDA), our ISO 27001 and ISO 27701 certificates, and our data processing documentation for clients operating under GDPR, PDPA, the Australian Privacy Act, and other major frameworks. To request access, simply contact our team at consult@avvanz.com or submit a request via our website. We will provide you with a Non-Disclosure Agreement to sign. Once your NDA is received and approved, you will receive secure access details for our Trust Centre. This process is designed to help enterprise clients complete their due diligence efficiently and confidently.
We are proud of what this represents — not just as a milestone, but as a signal of how Avvanz is built: privacy-first, security-by-design, and audit-ready around the clock.
Audit-ready. Privacy-first. Trusted globally.
To request our SOC 2 Type II report or Trust Centre access, contact us at consult@avvanz.com or visit avvanz.com.
If your team needs support integrating our compliance documentation into your vendor management, onboarding, or procurement processes, our Trust Centre advisors are ready to help. We are available to walk you and your stakeholders through required documents, respond to InfoSec questionnaires, or align our documentation to your due diligence workflows. Let us know your requirements, and we will work in close partnership to help your onboarding run smoothly.