Next Frontier of AI Governance | Year 3 of SOC 2 Type II

We are pleased to announce that DataOps.live has successfully completed SOC 2 Type II certification for the third consecutive year. This achievement reinforces our enduring commitment to robust security, operational integrity and regulatory readiness. But more importantly, it reflects how our business is evolving: security and compliance have become foundational pillars of how we build products, serve customers, and navigate the emerging world of AI governance.

Sustaining Excellence in SOC 2 Compliance

For three years, we’ve maintained a disciplined approach to the SOC 2 Type II standard, working with our independent auditors at Prescient Security, and leveraging the automated compliance platform Drata to continuously monitor and evidence our controls.

Using Drata gives us an always-on view of compliance metrics and gaps, while the Prescient Security audit ensures our controls not only exist but function effectively over time.
In short, SOC 2 remains a vital foundation, but as our business and the regulatory environment progress, we’re raising the bar further.

Building the Bridge to AI Governance

As the dataverse evolves, so do its risks and opportunities. While SOC 2 focuses on trust service criteria such as Security, Availability, Confidentiality and Privacy, we’ve recognised that the next frontier — the way we develop and embed AI — demands a governance framework of its own.

That is why we've begun laying the foundation for compliance with standards such as ISO/IEC 42001 (the AI Management Systems standard) and with emerging regulatory regimes like the EU AI Act.

"SOC 2 remains our security cornerstone, but the future demands more — so we’re investing heavily in AI governance aligned with ISO 42001 and the EU AI Act."

Why this matters:

• ISO/IEC 42001 provides the structure to manage AI risk end-to-end, from design, development, and deployment to decommissioning.
• The EU AI Act introduces a new, broad-scope regulation covering providers, deployers, and users of AI systems marketed or used within the EU.  
• Getting ahead of these frameworks gives our customers confidence not just in the security of our platform, but in the responsible use of AI by our business and our products.

Why It Matters for You, Our Customers

• Trust and future-proofing: You already know we meet industry-leading security standards (via SOC 2). Now we’re positioning to ensure the AI you build or embed via our platform is governed to the same high standard.
• Reduced risk: The regulatory landscape is shifting fast. The EU AI Act will apply across many sectors and geographies. By building now, we reduce reactive risk and cost.
• Transparency and collaboration: We don’t treat compliance as a checkbox, but as something we do with you — sharing evidence, controls, policy artifacts and audit artifacts where appropriate.
• Product leadership: Responsible AI is increasingly a differentiator. Our investment here means we (and by extension, you, our customers) are ready to elevate data products in a world that demands trust, accountability and transparency.

"Our customers can trust that the same rigor behind our SOC 2 controls now extends to the AI systems we develop and deliver."

Looking Ahead

While achievement of our third SOC 2 Type II certificate is a milestone, we recognise compliance is a journey, not a destination. Over the next 6–12 months, we will focus on:

• Completing a formal gap-analysis against ISO/IEC 42001 and setting objectives for formal readiness or certification.
• Elevating our AI-governance metrics and tooling, including dashboards that mirror our SOC 2 monitoring, but for AI risk/impact controls.
• Working with customers and partners to align our AI governance story with theirs, enabling more seamless integration of compliant AI across the ecosystem.

We invite you to engage with us on this journey. Whether you’re building AI-powered data-products or simply seeking a robust foundation of secure, trustworthy data services, you can rely on DataOps.live to meet the moment.

Thank you for your trust and partnership. Here’s to another year of secure, compliant, and responsible innovation — and many more ahead.