We’re proud to share that Xemelgo has achieved SOC 2 Type I compliance for the Security Trust Services Category—a major milestone in our ongoing commitment to protecting customer data and ensuring secure, reliable operations.
So what does that mean - for us as an organization and for you as our customer or partner?
In this post, we’ll explain what a SOC 2 report is, what it covers, and why we chose to undergo this rigorous compliance audit.
What is a SOC 2 Report?
Obtaining a System and Organization Controls (SOC) 2 report is one way for a service organization to attest to the security of its digital environment.
Completing a SOC 2 examination through an accredited third-party auditor does not result in any certification. Instead, the resulting CPA’s report functions as a tool to help an organization communicate whether the internal controls they’ve put in place governing the security of customers’, partners’, and stakeholders’ data are properly designed, implemented, and maintained.
In simpler terms, a SOC 2 report provides an avenue for current and potential stakeholders to assess risk by giving them a closer look at the policies and procedures put in place to ensure the organization’s services are provided safely and reliably.
“Completing this SOC 2 Type 1 examination demonstrates the Xemelgo team’s strong commitment to security,” said Sydney Buchel, manager of automation SOC services at BARR Advisory. “Congratulations to Xemelgo on achieving this milestone and reinforcing their dedication to cybersecurity best practices.”
What does a SOC 2 Type I Cover?
All SOC 2 examinations are performed by accredited CPA firms under the standards defined by SSAE 18. An auditor tests the effectiveness of the internal controls outlined by the organization, then maps those controls against the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA).
A Type I report assesses the design of those controls at a single point in time, verifying that the necessary frameworks and safeguards are in place.
For Xemelgo, the focus of our audit was the Security principle: ensuring our systems are protected from unauthorized access, whether physical or logical.
This achievement lays the groundwork for our next step: pursuing SOC 2 Type II compliance, which validates the operational effectiveness of these controls over an extended period.
Why Xemelgo Pursued SOC 2 Compliance
Achieving SOC 2 compliance marks an important step in our commitment to data security and operational excellence.
Manufacturers, distributors, and retailers of all sizes rely on our cloud-based RFID platform to track their most valuable assets—from raw materials to finished goods—across their operations. Protecting that data is central to everything we do.
“Security is foundational to how we operate,” said Akhila Tadinada, Co-Founder and CTO of Xemelgo. “SOC 2 compliance reinforces that our customers can trust Xemelgo to protect their data as rigorously as they protect their own.”
By completing a rigorous third-party audit, we’ve strengthened our commitment to maintaining secure infrastructure, safeguarding operational data, and earning the ongoing trust of our customers and partners.
Learn more
Our auditor, BARR Advisory, has provided a detailed breakdown on how to read a SOC 2 report, including where to find the most important and relevant information for your situation.
Current and prospective customers interested in obtaining a copy of Xemelgo’s latest SOC 2 report may contact Xemelgo at support@xemelgo.com.
