Compliance

SOC 1 Type II

An independent examination of the controls relevant to your internal control over financial reporting (ICFR), for the AI Accounting Platform system.

Last updated: 10-07-2026

SOC 1 Type II reports address controls at a service organization that are likely to be relevant to a user entity's own internal control over financial reporting. It's the standard your auditors will look for when Light is in scope for your SOX or ICFR program. Light's SOC 1 Type II report was examined by AAFCPA, an independent CPA firm, and covers Light's AI Accounting Platform system.

System examined

AI Accounting Platform system

Audit period

Jul 1, 2025 – Dec 31, 2025

Independent auditor

AAFCPA

Opinion

Unqualified

Test results

No exceptions noted across all control objectives tested

Subservice organization

AWS (cloud hosting, physical data-centre security, compute, storage, and network infrastructure)

What this means for your audit

The report describes Light's control environment and tests the operating effectiveness of controls across the period, giving your auditors evidence they can rely on instead of re-testing Light's controls directly. As with any SOC 1 report, some control objectives depend on complementary user entity controls (things your own organization needs to have in place) and complementary subservice organization controls (controls AWS maintains on Light's behalf). Both are documented in the full report.

The full report is confidential and shared directly with customers and their auditors as part of due diligence; the summary above reflects its key facts and outcome.

Book a demo