Skip to main content

Can customers audit amaise’s security controls?

Written by amaise Support

Can customers audit amaise’s security controls?

Yes. Customers have several options to review amaise’s security controls:

  • ISO 27001 certificate and Statement of Applicability — available upon request

  • SOC 2 Type II report — accessible upon request under NDA (non-disclosure agreement)

  • Penetration test reports — available for review upon request under NDA

  • Audit rights — embedded in the data processing agreement (DPA), customers can audit compliance with security controls directly or through third-party auditors

  • Customer-initiated penetration tests — allowed after prior coordination. The WAF IP allowlist can be configured for penetration test partners. Scope and timing are agreed in advance.

Additional evidence: amaise's current attestation portfolio centers on ISO 27001 and SOC 2 Type II. Additional frameworks are evaluated on request — contact us at [email protected] for specific evidence requests.

amaise is contractually committed to maintaining the existing certifications throughout the contract term and to notify customers in case of any loss.

Did this answer your question?