Is Evari SOC 2 compliant?

Security Last updated 2026-05-11 Tags: security, compliance, SOC 2, audit

Yes. Evari maintains SOC 2 Type II compliance. This means an independent auditor has assessed our security controls against the Trust Services Criteria — covering security, availability, and confidentiality — and confirmed they operate effectively over time.

What SOC 2 Type II means

SOC 2 Type II is a third-party audit of how a company manages data security. Unlike SOC 2 Type I (which is a point-in-time snapshot), Type II assesses controls over a period of at least six months, confirming they are consistently applied.

Requesting the report

Our SOC 2 report is available to customers and prospective customers under NDA. If you need a copy for your own compliance review, contact your account manager or email security@evari.tech.

Insurance industry context

Many insurance brokers and MGAs operate under regulatory oversight from APRA, FCA, or ASIC, which increasingly require evidence of supply chain security controls. Our SOC 2 Type II report is designed to support your own compliance obligations.

If you have specific questions about how Evari's security posture meets your regulatory requirements, contact us and we will arrange a technical discussion.

Other compliance frameworks

In addition to SOC 2, Evari complies with:

GDPR (EU and UK customers)
Australian Privacy Act (Australian customers)

We are actively working toward additional certifications as our customer base expands to new markets.