We completed TrendTech's SOC 2 Type II audit in Q1 2026, covering the platform's full operational scope. The report is available to prospective and current customers under NDA via the trust centre.
SOC 2 Type II is becoming a baseline expectation for European mid-market SaaS procurement, displacing the previous default of supplier-questionnaire-driven assessment. The shift is good for buyers — the audit produces standardised, independently-verified evidence — and reasonable for vendors of our scale, where the audit's incremental cost is justifiable against the procurement-cycle savings.
A note on what the report actually contains, for buyers comparing vendor reports. The audit covers a defined audit period (in our case, twelve months ending 31 December 2025). It assesses the operational effectiveness of controls against the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy, depending on what is in scope). It produces an opinion: unqualified, qualified with exceptions, or adverse.
When reviewing a vendor's SOC 2 Type II report, look at three things. (a) The scope statement at the front — what is actually in scope; some vendors scope their audits narrowly. (b) The complementary user-entity controls (CUECs) — what the customer is expected to do; understanding these is critical for residual-risk assessment. (c) The exceptions section — any noted failures of control effectiveness; small numbers of exceptions are normal, large numbers or recurring exceptions across years are not.
Our report opinion is unqualified with zero exceptions. The audit covers Security, Availability, and Confidentiality criteria; Processing Integrity and Privacy are not in scope for the current period (we plan to extend Privacy into scope for the next cycle). The full report is 73 pages; the executive summary is 4. Both are available under NDA.