SOC 2 Type II Certification

Certified for Security, Availability, and Confidentiality

Certified

Certification Period

Type II - 2025

Evidence Readiness

97.1%

Controls Passing

82 / 82

Certification Status

Active

Certification Status

Evidence Collection

97.1%

136 of 140 evidence items ready

Controls Passing

100.0%

82 of 82 controls passing tests

View Evidence View Controls

Certification Timeline

Audit Planning & Scoping

May 2025

Defined audit scope, selected Trust Services Criteria, and engaged auditor.

Control Implementation

June 2025

Implemented all 82 security controls across infrastructure, organizational, product, internal, and data privacy domains.

Evidence Collection

June - July 2025

Collecting and documenting evidence for all controls via Vanta continuous monitoring.

Audit Period Begins

July 1, 2025

SOC 2 Type II audit period starts. All controls will be tested over 3-month observation period.

Fieldwork & Testing

July - September 2025

Auditor performs control testing, reviews evidence, and conducts interviews.

Audit Period Ends

September 30, 2025

End of observation period. Final evidence submitted for auditor review.

Report Issuance

October 2025

Auditor issues SOC 2 Type II report with opinion on control effectiveness.

Auditor

Firm: Prescient Assurance
Contact: audit@prescientassurance.com
Audit Type: SOC 2 Type II

Trust Services Criteria

Security (CC)

Availability (A)

Confidentiality (C)

Scope

All systems, processes, and controls related to the Mesta payment platform, including infrastructure, application security, data protection, and organizational controls.

Live Monitoring

Real-time compliance monitoring via Vanta platform

Open Vanta Dashboard