Compliance Offerings to Customers

ISO 27001:2013

HighRadius maintains its ISO 27001 certification and makes the corresponding certificate available to customers. ISO 27001 specifies the requirements for implementing, maintaining, monitoring, and continually improving an information security management system (ISMS). ISO 27002 provides guidelines and best practices for information security management; however, an organization cannot get certified against ISO 27002 because it is not a management standard. The audit vehicle is ISO 27001, which relies on detailed guidelines in ISO 27002 for control implementation. The HighRadius ISO certificate covers the Hyderabad, India locations. Here is the ISO Certificate.

SOC I Type 2

The American Institute of Certified Public Accountants (AICPA) has established three Service Organization Controls (SOC) reporting options (SOC 1, SOC 2, and SOC 3) to assist CPAs with examining and reporting on a service organization’s controls. The SOC I Type 2 attestation is based on the AICPA Statement on Standards for Attestation Engagements 18 (SSAE 18) standard and the International Standard on Assurance Engagements No. 3402 (ISAE 3402). The SOC I attestation has replaced SAS 70, and it is appropriate for reporting on controls at a service organization relevant to user entities’ internal controls over financial reporting. A Type 2 report includes the auditor’s opinion on the control effectiveness to achieve the related control objectives during the specified monitoring period. HighRadius maintains a SOC I Type 2 attestation that is based on a rolling 6-month run window (audit period). The current report covers the period April 1, 2023 to March 31, 2024. Here is the latest SOC I Type 2 Report. Also, here is the SOC 1 Bridge Letter, which covers Apr 01, 2024 to June 30, 2024.

The next report will be available by 22 December, 2024.

SOC II Type 2

SOC II Type 2 is a restricted use report intended to report on controls relevant to Security, Availability, Confidentiality, Processing Integrity, and Privacy system attributes. SOC II engagements are conducted in accordance with the Trust Services Principles and Criteria, as well as the requirements stated in the AICPA AT Section 101 standard. HighRadius SOC I and SOC II attestations are based on rigorous independent third-party audits conducted by a reputable CPA firm. At the conclusion of a SOC I or SOC II audit, the auditor renders an opinion in a SOC I Type 2 or SOC II Type 2 report, which describes the HighRadius system and assesses the fairness of the HighRadius description of its controls. It also evaluates whether the HighRadius controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period. The HighRadius SOC II Type 2 report is relevant to the Security, Availability, Confidentiality, and Processing Integrity trust principles. HighRadius maintains a SOC II Type 2 attestation that is based on a rolling 12-month run window (audit period). The current report covers the period November 1, 2022 to October 31, 2023. Here is the HighRadius SOC II Type 2 Report. Also, here is the SOC II Bridge Letter, which covers Jan 01, 2024 to Mar 31, 2024, and the SOC II Bridge Letter, which covers Nov 01, 2023 to Dec 31, 2023.

The next report will be available by 28 December, 2024.

SOC-3

A SOC 3 report is a short, publicly facing version of the SOC 2 Type 2 attestation report. HighRadius does not have a SOC 3 report.