SOC 2 Compliance

Updated 19 June 2026

What is SOC 2?

SOC 2 (Service Organisation Control 2) is an internationally recognised auditing standard developed by the American Institute of CPAs (AICPA). It evaluates a service provider's controls across five Trust Services Criteria:

  • Security: Protection against unauthorised access and disclosure
  • Availability: The system is available for operation as committed
  • Processing Integrity: System processing is complete, valid, and accurate
  • Confidentiality: Information designated as confidential is protected
  • Privacy: Personal information is handled in accordance with privacy commitments

Our commitment

CoParentOS is actively working toward SOC 2 Type I certification. We have designed our platform from day one with the controls and practices that SOC 2 requires:

Security

  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • Household-level data isolation
  • Multi-factor authentication
  • Append-only audit logging

Availability

  • Daily automated backups
  • Point-in-time recovery
  • Global edge network deployment
  • Documented disaster recovery procedures

Processing Integrity

  • Database constraints ensure valid data
  • TypeScript strict mode across codebase
  • Append-only patterns for critical records
  • Input validation on all API routes

Privacy

  • Australian Privacy Principles compliant
  • Data minimisation by design
  • Documented retention and deletion
  • No advertising or data selling

Current status

CoParentOS is in an active readiness phase. Our technical controls — encryption, access control, audit logging, data isolation, backup and recovery — are built and operational. We are now formalising our governance framework, risk management processes, and monitoring systems in preparation for an independent audit.

We target SOC 2 Type I certification in late 2026, followed by SOC 2 Type II after a minimum operating period.

Type I vs Type II

SOC 2 Type I evaluates the design of controls at a point in time — are the right controls in place?

SOC 2 Type II evaluates the operating effectiveness of controls over a period of time (typically 6-12 months) — are the controls working as designed?

Type I demonstrates that our architecture is sound. Type II proves it works in practice.

Questions?

For enterprise procurement or detailed compliance questions, contact security@coparentos.com.au. Our full SOC 2 readiness package is available under NDA.