Diligent AI Achieves SOC 2 Type II Compliance


We’re proud to share that Diligent AI has successfully completed a SOC 2 Type II audit.

We partnered with Oneleet to move efficiently through the process while maintaining a high standard of rigor and clarity.

For the fintechs, banks, and compliance teams we work with, trust is foundational.
SOC 2 Type II provides independent assurance that our security and operational controls are not only well designed, but consistently operated over time.

What SOC 2 Type II means

SOC 2 is an independent audit framework focused on how organizations protect customer data and operate critical systems.

A Type II report evaluates how controls perform over an extended period, not just at a single point in time.

In practice, this includes areas such as:

  • Access control and identity management
  • Secure software development and change management
  • Incident monitoring and response
  • Business continuity and disaster recovery
  • Vendor and risk management

From ISO 27001 to SOC 2

We achieved SOC 2 Type II shortly after completing ISO/IEC 27001 — within roughly two months.

This was possible because we had already earned ISO 27001 in May 2025 and had since embedded those controls deeply into our engineering and operational workflows.

As a result, completing SOC 2 mainly involved:

  • Mapping existing practices to SOC 2 criteria
  • Tightening control narratives
  • Ensuring evidence was structured and traceable

The incremental work was relatively small — just a few focused days.

Challenges we tackled

Even with strong foundations, moving quickly still required careful execution:

  • Operationalizing evidence: it’s not enough to do the right thing — controls must be consistently documented.
  • Maintaining engineering velocity: ensuring strong change management while shipping continuously.
  • Demonstrating consistency: SOC 2 Type II requires proving controls operate reliably over time.

What we learned

A few lessons stood out:

  • Security works best when embedded into daily workflows, not treated as a separate project.
  • Clear ownership and simple processes scale better than complex playbooks.
  • Good documentation is an operational advantage — it improves reliability, onboarding, and incident response.

What’s next

Compliance is not a milestone — it’s part of how we operate.

We will continue strengthening our security program as we expand our platform and support more regulated financial institutions globally.

If you’d like to learn more about our security posture, you can visit https://trust.godiligent.ai/
