ORDR is SOC 2 Type II Certified.
An independent third-party auditor has verified that ORDR's security controls for the Security, Availability, and Confidentiality Trust Service Criteria operated effectively over a continuous 12-month audit period.
What SOC 2 Type II Means for Your Organization
Independent Verification
The SOC 2 Type II audit is conducted by an independent third-party auditor — not ORDR — who tests whether our described controls actually operated effectively over a continuous period.
Continuous, Not Point-in-Time
Unlike a Type I audit that assesses control design at a single point in time, a Type II audit tests control effectiveness over a sustained period, providing stronger assurance that controls are consistently applied.
Relevant to Your Vendor Risk Program
Many enterprise security programs require SOC 2 Type II reports as part of vendor assessment. ORDR's certification satisfies this requirement, and the full report is available to customers and prospects under NDA.
Ongoing Commitment
SOC 2 Type II certification is not a one-time achievement — it requires annual audits and continuous control maintenance. ORDR undergoes annual recertification to maintain its certification.
Trust Service Criteria in Scope
Security
The system is protected against unauthorized access, use, or modification.
Availability
The system is available for operation and use as committed or agreed upon.
Confidentiality
Information designated as confidential is protected as committed or agreed upon.
Scope and Coverage
| Platform Scope | ORDR's SaaS platform, including device discovery, behavioral analysis, risk assessment, and policy enforcement capabilities |
| Infrastructure Scope | Production cloud infrastructure hosted on Amazon Web Services (AWS) in the United States (us-east-1) |
| Audit Period | The most recent audit covered a continuous 12-month period, providing evidence of sustained control effectiveness |
| Auditor | Conducted by an independent, PCAOB-registered third-party accounting firm |
| Report Type | Type II — tests control effectiveness over the audit period, not just point-in-time design (Type I) |
SOC 2 FAQ
Can I get a copy of the SOC 2 Type II report?
Yes. The full SOC 2 Type II report is available to current customers and qualified prospects under a mutual NDA. Contact your account team or security@ordr.net to request a copy.
Which Trust Service Criteria does the audit cover?
The ORDR SOC 2 audit covers the Security, Availability, and Confidentiality Trust Service Criteria. These were selected as the criteria most relevant to ORDR's operational and data handling practices.
How recent is the certification?
ORDR undergoes annual SOC 2 Type II audits. Contact your account team for information on the current certification period.
Does ORDR have other security certifications?
In addition to SOC 2 Type II, ORDR complies with GDPR and CCPA requirements. We are evaluating ISO 27001 certification as part of our ongoing compliance roadmap. See our Trust Center for the most current information.
Does ORDR have a vulnerability disclosure program?
Yes. Security researchers who identify vulnerabilities in ORDR's platform can submit findings to security@ordr.net. We commit to acknowledging reports within 48 hours and providing an initial assessment within 10 business days.
Request the Full Audit Report
The complete SOC 2 Type II report is available to current customers and qualified prospects under a mutual NDA.