Compliance

SOC 2 Type II

An independent examination of the security controls protecting Light's platform and your data, conducted under AICPA attestation standards.

Last updated: 10-07-2026

SOC 2 Type II is an attestation standard developed by the American Institute of Certified Public Accountants (AICPA). It requires an independent auditor to examine, over a sustained period rather than a single point in time, whether a company's controls are suitably designed and operating effectively against a defined set of criteria. Light's SOC 2 Type II report was examined by Prescient Assurance, an independent, AICPA-accredited auditing firm.

Trust services category

Security

Audit period

Feb 10, 2025 – Jun 1, 2025

Independent auditor

Prescient Assurance

Opinion

Unqualified

Test results

No exceptions noted across all controls tested

Subservice organization

AWS (cloud hosting infrastructure)

What the Security category covers

The Security trust services criteria assess whether a system is protected against unauthorized access, both physical and logical. For Light, the auditor's examination covered areas including organizational integrity and ethical values, HR policies and background checks, risk assessment processes, logical access controls, change management, physical security, computer operations and backups, availability of the platform, and data communications, alongside the design and operation of monitoring controls used to detect and respond to issues.

Light's infrastructure runs on AWS, which supplies the underlying cloud hosting, physical data-centre security, compute, storage, and network infrastructure as a subservice organization. The examination scope covers Light's own controls; AWS maintains its own independent SOC 2 attestation for the infrastructure layer.

Book a demo