SOC 2 Type II

Effective 2026-05-15 · ForgeOrbis

ForgeOrbis maintains a SOC 2 Type II program covering the design and operating effectiveness of controls for the platform we ship and the systems we operate.

SecurityAvailabilityConfidentialityType II

Scope

The examination covers the ForgeOrbis product engineering lifecycle (how we build, sign, and release the software and model artifacts you deploy) and the corporate systems that support it. Because the product runs inside your environment, your deployment's operational controls are yours; our attestation covers what we produce and how we produce it.

Trust services criteria

  • Security: access control, change management, and secure SDLC over the build and release pipeline.
  • Availability: of the services we operate, such as artifact signing and distribution.
  • Confidentiality: of the information you share with us during evaluation and deployment.

Continuous monitoring

Controls are monitored continuously and reviewed by an independent auditor across the reporting period. Findings are tracked to closure.

Request the report

The full SOC 2 Type II report is available under NDA. Ask your account contact or request one from the deployment request form. For an air-gapped or on-prem evaluation, we also provide the mapping between these controls and the product's shipped hardening.