We’re proud to share that Zight has officially achieved SOC 2 Type II certification, independently verified by Johanson Group LLP.
Security has always been core to how we build at Zight. Our customers trust us to handle their data responsibly, and we take that seriously. Renewing this certification every year is one of the most meaningful ways we can show that commitment in a concrete, verifiable way.
What is SOC 2 Type II certification?
SOC 2 is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It was created specifically for technology and cloud service companies to give customers a standardized, trustworthy way to evaluate how a vendor handles their data.
The framework is built around five trust service criteria: security, availability, processing integrity, confidentiality, and privacy. Each one addresses a different dimension of how a company protects the data it handles. Security covers who can access your systems and how. Availability looks at whether your services stay up and reliable. Processing integrity ensures data is processed accurately and completely. Confidentiality governs how sensitive information is stored and shared. Privacy addresses how personal data is collected, used, and retained.
There are two types of SOC 2 reports. A Type I report is essentially a point-in-time assessment. An auditor looks at your controls on a specific date and confirms they are designed correctly. A Type II report is more rigorous. It evaluates whether those controls actually functioned as intended over an extended period of time, typically six to twelve months. That sustained proof of performance is what makes Type II the gold standard for enterprise customers and security-conscious buyers. It is also the standard we hold ourselves to every single year.
What this means for our customers
Whether you use Zight for customer support, async communication, or team collaboration, you deserve to know your data is in good hands. Completing this audit for another year gives you ongoing, third-party proof that our systems, policies, and processes continue to meet the highest industry standards. You do not have to take our word for it.
For teams in regulated industries or enterprises with strict vendor requirements, SOC 2 Type II is often a prerequisite before a tool can even be considered. We want Zight to be a product that clears that bar every year without hesitation.
How we approach this every year
This is never a one and done exercise for us. Each audit cycle means taking a fresh look at every part of how we operate, making sure our controls are still tight, our documentation is current, and our team is accountable throughout the full audit period.
We work with Johanson Group LLP each year to guide us through the process. They specialize in SOC 2 audits and consistently push us to go beyond the minimum requirements. Their team is thorough, direct, and genuinely helpful at every stage. Having that external accountability year over year makes us a better company.
Each time we go through this process we find new ways to sharpen our security practices. That ongoing improvement benefits everyone who uses Zight.
Where we go from here
We are committed to maintaining our annual SOC 2 Type II audit and continuing to raise the bar on our security program. This is not just a certification we earned once. It is a standard we show up for every year.
