All U.S. data centers supporting Sand Solutions’ Government Cloud (SGC2) maintain SOC 1 Type 2 reports covering controls relevant to financial reporting and operational integrity. These reports are issued annually by independent auditors and form part of our vendor management and continuous monitoring program.

Sand Solutions also maintains its own independently assessed SOC 1 Type 2 report, providing assurance over internal controls related to system operations, service delivery, and data handling. Together, these reports demonstrate the integrity and consistency of the environments supporting our clients’ hosted applications.

Each U.S. data center within the Sand Solutions infrastructure also maintains an active SOC 2 Type 2 report, evaluating the design and operating effectiveness of controls aligned with the Trust Services Criteria for Security, Availability, Processing Integrity, and Confidentiality.

As part of our vendor management process, Sand Solutions reviews and validates these reports annually to ensure all supporting facilities meet the same high standards we uphold internally. Sand Solutions’ own SOC 2 Type 2 report provides independent verification of our security and compliance posture, reflecting our ongoing commitment to protecting client systems and data.