SOC 2 Type II
An independent examination of the security controls protecting Light's platform and your data, conducted under AICPA attestation standards.
Last updated: 10-07-2026
SOC 2 Type II is an attestation standard developed by the American Institute of Certified Public Accountants (AICPA). It requires an independent auditor to examine, over a sustained period rather than a single point in time, whether a company's controls are suitably designed and operating effectively against a defined set of criteria. Light's SOC 2 Type II report was examined by Prescient Assurance, an independent, AICPA-accredited auditing firm.
Trust services category
Security
Audit period
Feb 10, 2025 – Jun 1, 2025
Independent auditor
Prescient Assurance
Opinion
Unqualified
Test results
No exceptions noted across all controls tested
Subservice organization
AWS (cloud hosting infrastructure)
What the Security category covers
The Security trust services criteria assess whether a system is protected against unauthorized access, both physical and logical. For Light, the auditor's examination covered areas including organizational integrity and ethical values, HR policies and background checks, risk assessment processes, logical access controls, change management, physical security, computer operations and backups, availability of the platform, and data communications, alongside the design and operation of monitoring controls used to detect and respond to issues.
Light's infrastructure runs on AWS, which supplies the underlying cloud hosting, physical data-centre security, compute, storage, and network infrastructure as a subservice organization. The examination scope covers Light's own controls; AWS maintains its own independent SOC 2 attestation for the infrastructure layer.