# Is Cosine SOC 2 / ISO 27001 compliant?

**Cosine follows SOC 2 Type II and ISO/IEC 27001 standards for security and data protection.** These frameworks guide how we manage access, encryption, monitoring, and operational controls across all deployments.

***

### Current compliance status

* **SOC 2 Type II** – In audit phase, with certification expected in **2025**.
* **ISO/IEC 27001** – Implementation in progress, following the latest 2022 controls.
* **GDPR and CCPA alignment** – Cosine meets key global privacy requirements.

While formal audits are underway, Cosine’s **security posture already meets or exceeds** the standards required for these certifications. Our infrastructure and policies are modeled directly on SOC 2 and ISO frameworks, ensuring a smooth certification path.

***

### Controls and practices

* **Data isolation:** Dedicated, encrypted workspaces per customer.
* **Encryption:** AES-256 at rest, TLS 1.3 in transit.
* **Access management:** SSO, SCIM, and RBAC.
* **Audit logs:** Continuous activity tracking and export options.
* **Incident response:** Documented, tested procedures with defined SLAs.

These are the same controls used in production for **enterprise and defense customers** with higher-than-standard requirements.

***

### Customer assurance

Even before certification, Cosine meets the compliance expectations of organizations whose policies exceed SOC 2, including **investment banks and defense contractors**. Many of these customers deploy Cosine **on-premises or in air-gapped environments**, giving them full control over their data.

If you require a security review, our team can share:

* Policy documentation (access, data handling, encryption)
* Attestation of compliance status
* Architecture diagrams and network isolation details

***

### Why this matters

SOC 2 and ISO 27001 provide independent verification that a company protects customer data with rigor and transparency. For Cosine, these frameworks formalize what’s already true in practice — enterprise-grade security, isolation, and operational excellence.

***

### Related pages

* [How does Cosine handle security, privacy, and IP?](https://docs.cosine.sh/~/revisions/3wphksGA7ynvdsBIb4qA/faqs/security-and-compliance/how-does-cosine-handle-security-privacy-and-ip)
* [Where does Cosine run?](https://docs.cosine.sh/~/revisions/3wphksGA7ynvdsBIb4qA/faqs/security-and-compliance/where-does-cosine-run)
* [How does Cosine minimise hallucinations and ensure code quality?](https://docs.cosine.sh/~/revisions/3wphksGA7ynvdsBIb4qA/faqs/technology-and-quality/how-does-cosine-minimise-hallucinations-and-ensure-code-quality)

