Donate Donate
Trust and Security

Trust and Security

Verra SOC 2® Type II Trust and Security

Overview

System and Organization Controls (SOC) is a framework developed by the American Institute of Certified Public Accountants (AICPA) for evaluating an organization’s internal controls related to security, availability, confidentiality, processing integrity, and privacy. As part of our ongoing commitment to maintaining the highest standards of trust and security. Verra has completed the AICPA examination and achieved SOC 2 Type II compliance as of October 1, 2025.

AICPA SOC

A SOC 2® Type II report provides independent assurance that Verra’s controls were not only designed effectively but also operated effectively over a defined review period. This examination reinforces our dedication to protecting sensitive information, maintaining resilient systems, and ensuring the reliability of the services we provide.

What SOC 2® Type II Means

A SOC 2® Type II examination evaluates the operating effectiveness of controls across the Trust Services Criteria. For Verra, this includes:

  • Security: Safeguards are in place to protect systems and data against unauthorized access and threats.
  • Availability: Systems are designed and maintained to support reliable, consistent access for users and partners.
  • Confidentiality: Controls ensure that sensitive information is protected throughout its lifecycle.
  • Processing Integrity: Systems operate as intended to deliver complete, accurate, and authorized results.
  • Privacy: Personal information is collected, used, retained, and disposed of in accordance with defined commitments.

The SOC 2® Type II report gives stakeholders confidence that these controls were tested over time and operated effectively throughout the examination period.

Why SOC 2® Matters to Our Stakeholders

Organizations across the climate, sustainability, and environmental data ecosystem rely on Verra to manage data responsibly, operate securely, and safeguard confidential information. The completion of our SOC 2® Type II examination demonstrates Verra’s continued investment in:

  • Robust internal control systems
  • Strong governance and risk management practices
  • Secure technology infrastructure
  • Clear processes that support operational excellence

By maintaining these standards, Verra provides the assurance that stakeholders need when engaging with trusted certification programs and digital systems.

Our Commitment to Security and Trust

Security, integrity, and transparency are foundational to Verra’s mission. The SOC 2® Type II examination is one component of our broader trust and security program, which includes:

  • Regular third-party security assessments
  • Continuous monitoring of systems and potential threats
  • Strict access controls and data governance policies
  • Ongoing investment in privacy and risk management practices

Accessing Verra’s SOC 2® Type II Report

To protect the confidentiality of the information in the SOC 2® report, Verra provides access only upon request and under a nondisclosure agreement.

Request a Copy of the ReportButton Icon

About SOC 2®

SOC 2® is one of several AICPA System and Organization Controls offerings that help organizations demonstrate the maturity and effectiveness of their internal control environment. More information is available at the AICPA’s SOC resource center.