We're SOC 2 Type 1 certified. Now we're going for Type 2.

SparkGrid Software has achieved SOC 2 Type 1 certification — and we're not stopping there. We're already in the Type 2 observation period, building the continuous evidence trail that our customers in healthcare, financial services, defense, and legal deserve.

When we set out to build Box Connector, we knew the customers we wanted to serve — regulated industries where data handling isn't a feature request, it's a legal and ethical obligation. That conviction has shaped every product decision we've made, and it's what brought us to this milestone.

SOC 2 Type 1 is a point-in-time attestation. An independent auditor examined our controls — how we handle access, change management, availability, incident response, and data integrity — and confirmed that our security posture is real, documented, and operating as designed. We passed.

What this means for our customers

"Your security team can stop asking — and start reviewing the report."

But we're more interested in what comes next. Type 2 isn't a certification you earn in a day. It's a continuous audit spanning months of live operations — auditors watching your controls work in the real world, through real incidents, real changes, real access requests. It's harder to fake and more valuable to hold.

We started our Type 2 observation period immediately. We're working with Modern Assurance as our audit partner, and we expect to complete the observation window and receive our Type 2 report later this year.

Complete

SOC 2 Type 1 certification

Controls designed and operating as intended, per independent audit. Point-in-time attestation complete.

In progress

SOC 2 Type 2 observation period

Live audit underway with Modern Assurance. Evidence collection across access, change management, availability, and incident response controls.

Upcoming

Type 2 report issued

Expected later this year — continuous assurance for customers across regulated industries.

For the teams evaluating Box Connector for their HubSpot-to-Box integrations — in financial services, healthcare, legal, or defense — this certification is your starting point. Our SOC 2 Type 1 report is available under NDA. If you're deep into a security review, reach out and we'll get it in your hands.

Compliance isn't a checkbox for us. It's the product. We'll keep building accordingly.

Questions about our security posture?→security@sparkgridsoftware.com