
Outsight Achieves SOC 2 Compliance

We are excited to share that Outsight has attained SOC 2 compliance, proving our commitment to safeguarding the security and privacy of customer data.


This milestone reinforces our dedication to data security and privacy across all our services and reflects our commitment to maintaining best-in-class data management practices.

What is SOC 2 Compliance?

SOC 2 is a compliance framework developed by the American Institute of CPAs (AICPA), designed to evaluate an organization’s security practices.

It is widely used to assess how companies handle data privacy and safeguard information.

A SOC 2 report demonstrates our adherence to security and data protection protocols, showing our commitment to keeping sensitive information secure.

What is the SOC 2 Structure?

SOC 2 compliance is based on five key Trust Services Criteria that evaluate how an organization handles security and data processing.

  • Security: Ensures that our systems and stored data are protected from unauthorized access and disclosure.
  • Availability: Ensures that systems and data are available and functioning as intended for users and business operations.
  • Confidentiality: Ensures that any confidential data is appropriately safeguarded from unauthorized exposure.
  • Processing Integrity: Verifies that systems process data accurately, completely, and within the required timeframe.
  • Privacy: Focuses on how personal data is collected, stored, used, and disposed of according to privacy policies.

Why is SOC 2 Important?

Undergoing a SOC 2 audit is essential for businesses to understand and strengthen their security posture. By going through this process, companies can identify gaps in their current practices and better protect sensitive data.

Achieving SOC 2 compliance is particularly important for technology companies like ours, as it provides clients with confidence in our ability to manage their sensitive data securely and efficiently.

The primary benefit of a SOC 2 audit is the issuance of a report that outlines a company’s internal security measures. This report can be shared with regulators, business partners, and prospective clients as proof of commitment to data protection.

Achieving SOC 2 Compliance with Vanta

Our journey to SOC 2 compliance was made smoother by our previous experience with ISO 27001, as both frameworks share similar security requirements.

Working closely with Vanta and VioletX, we efficiently prepared for the SOC 2 audit, leveraging their expertise to meet the strict security standards.

This accomplishment reinforces our standing as a security-conscious organization and aligns us with industry leaders who prioritize data protection.

Success Built on Client Assurance

This certification follows our other fundamental, industry-recognized certifications, including our ISO 27001 certification and our TISAX compliance in the automotive sector.

As we continue to grow, our commitment to innovation extends beyond compliance. Alongside our success in cybersecurity, we’ve also been recognized for our pioneering work in 3D technology.

Gartner® recently named Outsight a leader in real-time digitalization with our groundbreaking approach to Live Digital Twins, further solidifying our reputation for delivering secure, cutting-edge solutions.

As we continue to grow, these achievements solidify Outsight’s reputation as a leader in secure, innovative solutions.


Frequently Asked Questions

  • What is the difference between SOC 2 Type I and SOC 2 Type II?

    SOC 2 Type I assesses whether security controls are properly designed at a single point in time. SOC 2 Type II goes further, testing whether those controls operated effectively over an extended observation period, typically six to twelve months. Type II is the more demanding standard and is what most enterprise procurement teams require before sharing sensitive operational data with a vendor. The AICPA developed both variants under the same Trust Services Criteria framework. Outsight's SOC 2 compliance is significant in this context because the SHIFT platform processes real-time 3D spatial data across airports, train stations, and industrial facilities, making rigorous, independently validated security controls a prerequisite for enterprise deployments.

  • Does SOC 2 compliance cover subprocessors and third-party integrations?

    SOC 2 audits examine a company's own control environment, but the scope can extend to subprocessors when those third parties handle in-scope data. Auditors typically review vendor management programs to confirm that upstream dependencies do not introduce gaps in the five Trust Services Criteria: security, availability, confidentiality, processing integrity, and privacy. Outsight's SOC 2 compliance reflects this broader accountability model, covering not only its internal controls but also the vendor relationships that touch customer data within the SHIFT platform. Organizations that pass the audit must maintain this chain of accountability continuously, not only at audit time.

  • How does TISAX differ from SOC 2 for automotive industry suppliers?

    TISAX (Trusted Information Security Assessment Exchange) is an automotive-sector standard administered by the ENX Association, built on top of VDA ISA requirements derived from ISO 27001. SOC 2 is a US-origin framework from the AICPA focused on service organizations handling customer data. A key practical difference is how results are shared: TISAX findings circulate only within the closed automotive exchange network and are never publicly disclosed, whereas SOC 2 reports can be shared freely with any prospective client or regulator. Outsight, which holds SOC 2 compliance and deploys its SHIFT platform across automotive manufacturers including BMW, illustrates how suppliers operating across industries often pursue both certifications to satisfy two distinct partner ecosystems with a single underlying security posture.

  • Can a spatial intelligence platform built on LiDAR achieve SOC 2 compliance if the raw sensor data never contains personal information?

    Yes, and the nature of LiDAR data can simplify the Privacy criterion in the audit. Because LiDAR captures geometry and motion rather than images, faces, or license plates, there is no personal data pipeline to audit under that criterion. Outsight's SHIFT platform illustrates this directly: the system is anonymous by definition, meaning the Privacy criterion carries a structurally smaller surface than equivalent camera-based systems. The remaining four Trust Services Criteria (security, availability, confidentiality, and processing integrity) still apply to the platform's infrastructure, APIs, and customer-facing data stores, so the audit scope is real and substantive even where the privacy exposure is reduced.

  • What role does a compliance automation platform like Vanta play in a SOC 2 audit?

    Compliance automation platforms continuously monitor cloud infrastructure, access controls, and vendor configurations against SOC 2 control requirements, flagging gaps before the auditor arrives. They collect evidence automatically (access logs, encryption status, incident records) and map it to the relevant Trust Services Criteria, reducing the manual work of preparing audit packages. Outsight used this approach as part of its path to SOC 2 compliance, which is particularly relevant given that its SHIFT platform processes real-time 3D spatial data across airports, factories, and transit hubs on five continents. The platform does not replace the auditor; a licensed CPA firm must still issue the report. It shortens the preparation cycle and lowers the risk of control failures going undetected between assessments.

  • How often does a SOC 2 certification need to be renewed?

    SOC 2 reports do not expire on a fixed schedule the way ISO certifications do, but they carry a defined observation period, typically twelve months for a Type II report. Once that period closes, the report becomes stale for procurement purposes, and most enterprise buyers will request a current report covering the prior twelve months. Outsight, which achieved SOC 2 compliance to meet the security and privacy requirements of enterprise customers across airports, factories, and smart-city deployments, follows this continuous audit model so a fresh report is always available on request. In practice, vendors that rely on SOC 2 to close enterprise deals maintain ongoing audit programs rather than treating certification as a one-time milestone.