Fing achieves SOC 2 Type II certification: a milestone in our commitment to security and trust

At Fing, we believe that helping businesses understand, monitor, and optimize their connected environments requires more than powerful technology. It requires trust. Our customers rely on us as an authoritative partner in their digital operations, and that means ensuring the data they entrust to us is protected with uncompromising rigor.

Today, we’re proud to announce that Fing has achieved its first SOC 2 Type II attestation report, evaluated by an independent third-party auditor. This is not just a certification: it is independent, evidence-based confirmation that our security controls are not only well-designed, but that they operated effectively over a sustained period of time.

What is SOC 2 Type II, and why does it matter?

SOC 2 (System and Organization Controls 2) is a globally recognized framework developed by the American Institute of Certified Public Accountants (AICPA). It provides a structured way to evaluate how service providers manage and safeguard customer data, assessed against the Trust Services Criteria (TSC).

There are two levels of SOC 2 report:

  • Type I evaluates whether security controls are suitably designed at a single point in time.
  • Type II goes further: it evaluates whether those controls actually operated effectively over an extended audit period.

Fing’s report covers the period from September 2025 to March 2026 and focuses on the Security Trust Services Criteria. It’s the most foundational category, covering how we protect information across its entire lifecycle: collection, processing, transmission, and storage.

The audit examined all nine Common Criteria domains (CC1 through CC9), spanning our control environment, risk assessment processes, monitoring activities, logical access controls, system operations, and change management practices. The result: no exceptions noted across all tested controls.

Why cybersecurity is core to Fing’s mission

Connectivity powers modern business, but every connected device, platform, or service introduces potential risk. At Fing, we understand that visibility into your digital environment is only meaningful when paired with strong security. We take that responsibility seriously.

Three principles guide our approach:

  • You can’t protect what you can’t see. Fing helps organizations discover and understand every device on their network. That same commitment to visibility applies to how we manage your data: we know what we hold, where it lives, and who can access it.
  • Your trust is our most important asset. Security is embedded into every layer of our technology and our organization. From how we write code to how we manage vendor relationships, security considerations are part of every decision.
  • Compliance is a continuous commitment, not a checkbox. SOC 2 Type II is one milestone in a longer journey. We will continue investing in the processes, controls, and culture that keep Fing – and our customers – secure.

What we were audited on: a look inside our controls

The audit examined Fing’s Network Discovery, Monitoring, and Security Applications – including Fing Web, Fing Mobile, Fing Desktop, and Fing Agent – across a broad set of security control domains. Here are some of the key practices the auditor evaluated and confirmed:

  • Access Management: access to our systems follows formal provisioning and deprovisioning processes, tied to HR onboarding and offboarding workflows. Role-based access is enforced, with quarterly access reviews conducted by system owners. Privileged accounts are identified, documented, and restricted. Multi-factor authentication is required for all cloud-based applications, and production environments are accessible only through encrypted VPN connections.
  • Secure Development Lifecycle: security is integrated directly into our engineering process through a dedicated Security Champions program – engineers embedded in development teams who advocate for secure coding practices and review security considerations at every stage. All code changes require peer review and automated security analysis before merging.
  • Security Monitoring and Incident Response: we continuously monitor our platform for security events, using AWS CloudTrail and our security monitoring backend to capture and analyze telemetry. When alerts are triggered, our external SOC partner is automatically notified and an incident response process is initiated. We maintain a documented incident response policy and perform root cause analysis on major incidents to prevent recurrence.
  • Vulnerability Management: production systems are scanned for vulnerabilities on a quarterly basis, and penetration testing is conducted continuously through a bug bounty program. Identified vulnerabilities are reviewed, prioritized by severity, and converted into action plans. A patch management process keeps our cloud databases and operating systems up to date.
  • Data Protection: all data in transit is protected using TLS encryption across public endpoints, streaming services, and queues. Data at rest in our cloud environment is protected through strong encryption protocols. Our infrastructure is segmented into Virtual Private Clouds (VPCs) with security groups acting as virtual firewalls.
  • Business Continuity and Disaster Recovery: we maintain a documented disaster recovery policy, reviewed annually, with recovery procedures tested on a quarterly basis. Our infrastructure is built on AWS high-availability services to minimize data loss and service disruption.

What this means for our customers

Our SOC 2 Type II certification gives Fing customers and partners independent assurance that their information is protected by controls that have been tested and verified, not just documented.

For procurement teams, security reviewers, and compliance officers, this report provides the structured evidence needed to complete vendor assessments and satisfy due diligence requirements. It demonstrates that Fing has the organizational maturity, governance, and technical controls expected of a trusted B2B partner.

Whether you’re an existing customer or evaluating Fing for your organization, you can request a copy of the SOC 2 report to support your vendor due diligence process. The report is available subject to confidentiality terms: reach out to our support team, or explore Fing Professional if you’d like to learn more about our B2B offering.

Continuing our journey

SOC 2 Type II is the first formal milestone in a broader and ongoing initiative to strengthen our security posture and increase transparency with our customers and partners. We will continue investing in industry-standard compliance frameworks and refining our processes to align with evolving best practices and customer expectations.

Security, reliability, and trust will always remain at the core of Fing’s mission. This certification reinforces that commitment, and we look forward to building on it together with you.
