Cymonz is pleased to announce that we have successfully received our SOC 2 Type 2 Attestation, following an independent examination of our controls related to security, availability, and confidentiality.
The audit was conducted by Sensiba and covered the period from 1 September 2025 through 30 November 2025. The audit concluded that Cymonz's controls were suitably designed and operated effectively throughout the review period to meet the applicable Trust Services Criteria.
What SOC 2 Type 2 means
SOC 2 Type 2 is one of the most rigorous independent assessments available for technology companies. Unlike a Type 1 attestation — which confirms that controls are designed appropriately at a single point in time — Type 2 confirms that those controls were operating effectively over an extended period. That distinction matters. It means our clients aren't taking our word for it. They have independent, third-party confirmation.
The attestation covers five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. For a payments infrastructure company handling sensitive financial data across multiple jurisdictions, meeting these standards isn't optional — it's foundational.
What the audit found
The audit report highlights Cymonz's commitment to competence, noting that integrity and ethical values are important foundations of the company's control environment, culture, and governance. Sensiba's examiners reviewed our policies, procedures, access controls, monitoring processes, incident management protocols and data handling practices across the full audit period.
No material exceptions were noted.
Why this matters for our clients
Our clients are banks, fintechs and regulated financial institutions. They operate in environments where vendor risk is taken seriously — by their own compliance teams, their regulators, and their boards. SOC 2 Type 2 gives them a standardised, independently verified basis on which to assess Cymonz as a partner.
It also supports their own compliance obligations. When a bank's risk team is evaluating a third-party payments infrastructure provider, having a current SOC 2 Type 2 report removes significant friction from the procurement and approval process.
"Achieving SOC 2 Type 2 is another significant milestone for Cymonz. It reflects the standards we have set for ourselves — that trust, integrity, and delivery are fundamental to how we operate. The attestation is the result of consistent, disciplined work by our team and reinforces our commitment to delivering a world-class SaaS solution our existing and prospective customers can rely on."
Simon Lynch, CEO & Founder
Building the governance foundation
SOC 2 Type 2 is part of a broader programme of governance and policy development at Cymonz. As we expand globally and take on clients in increasingly regulated environments, having robust, independently verified frameworks in place is a prerequisite — not an afterthought. This attestation is a milestone in that programme, and we will continue to build on it.