SOC 2 Type II Certification – Independent Audit & Attestation

eScan (MicroWorld Software Services Pvt. Ltd. / MicroWorld Technologies Inc.) has successfully completed a comprehensive SOC 2 Type II audit and attestation conducted by an independent, accredited audit firm. This rigorous evaluation validates the effectiveness of our security controls over an extended observation period, demonstrating our unwavering commitment to maintaining the highest standards of data security, privacy, and operational integrity for our customers worldwide.

The SOC 2 Type II certification encompasses eScan's complete IT infrastructure ecosystem, including our internal corporate systems, development environments, and customer-facing SaaS cloud solutions hosted on Microsoft Azure and Yotta Infrastructure.

Unlike SOC 2 Type I, which evaluates controls at a single point in time, Type II certification involves continuous monitoring and testing of controls over a minimum period of six months, providing substantial assurance about the operational effectiveness of our security practices in real-world conditions. This certification validates that eScan not only has robust security policies and procedures in place but also consistently implements and maintains them across all operational scenarios.

The SOC 2 Type II audit evaluated eScan's adherence to the five Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA).

• Security controls assessed include perimeter defense mechanisms (next-generation firewalls, intrusion prevention systems, DDoS protection), network segmentation, vulnerability management, security incident and event monitoring (SIEM), and comprehensive threat detection and response capabilities.
• Availability controls encompass business continuity planning, disaster recovery procedures with defined RTO/RPO objectives, redundant infrastructure architecture, incident management protocols, root cause analysis procedures, and statutory reporting mechanisms to ensure uninterrupted service delivery.
• Confidentiality controls cover strict access control mechanisms with role-based access control (RBAC), multi-factor authentication, encryption of data at rest and in transit using industry-standard algorithms, secure key management practices, and comprehensive audit logging.
• Privacy controls address the collection, use, retention, disclosure, and disposal of personal information in compliance with global privacy regulations including GDPR, DPDP Act, and other applicable data protection laws.
• Processing Integrity controls ensure that system processing is complete, valid, accurate, timely, and authorized, incorporating quality assurance processes, input validation, error handling, and change management procedures throughout our software development and deployment lifecycle.

This SOC 2 Type II certification complements eScan's existing ISO 27001 (Information Security Management) and ISO 20000-1 (IT Service Management) certifications, which are available for review on our ISO Certifications page.

Together, these internationally recognized certifications demonstrate eScan's holistic approach to cybersecurity, operational excellence, and regulatory compliance. While ISO certifications validate our management systems and processes against international standards, SOC 2 Type II provides specific assurance about the operational effectiveness of security controls protecting customer data in our cloud infrastructure – a critical consideration for government agencies, enterprises, and organizations handling sensitive information.

The official SOC 2 Type II audit report is available under Non-Disclosure Agreement (NDA) to prospective and existing customers, partners, auditors, and regulatory authorities. This controlled distribution ensures the confidentiality of our detailed security architecture while providing necessary transparency to stakeholders who require verification of our security posture for compliance, procurement, or risk assessment purposes. To request a copy of our SOC 2 Type II attestation report, please contact our Sales and Compliance team at sales@escanav.com with your organization details and intended use case. We are committed to supporting your due diligence processes and demonstrating our security capabilities through this comprehensive, independently verified documentation.