ISO 27001 & SOC 2 Certified Cloud Engineering
eCloudControl holds ISO/IEC 27001:2022 and SOC 2 Type II certifications — independently audited security and compliance standards trusted by enterprise procurement teams in healthcare, financial services, and technology.
ISO/IEC 27001:2022
Information Security Management
- Certifying Body: INTERCERT
- Registration #: IC-IS-2505051
- Initial Certification: May 05, 2025
- Surveillance Validity: May 04, 2026
- Recertification: May 04, 2028
Certification Scope
- AI/ML solutions and agentic AI platforms
- Platform engineering and cloud-native infrastructure
- No-code agentic AI application development
- Cloud migration and application modernisation
- Managed cloud and SRE services
- Support functions: IT, HR, Legal, Administration
SOC 2 Type II
Security, Availability & Confidentiality
SOC 2 Type II is the highest tier of the AICPA Service Organisation Controls framework. Unlike a Type I report — which assesses whether controls are suitably designed at a single point in time — a Type II audit tests whether those controls operated effectively over a defined period, typically 6 to 12 months. This gives enterprise clients far stronger assurance: not just that the right controls exist, but that they actually worked in practice.
Our SOC 2 Type II report covers three Trust Services Criteria: Security (protection against unauthorised access), Availability (systems operate to meet committed SLA levels), and Confidentiality (information designated as confidential is protected as agreed with clients).
What this means for you
- Continuous audit — controls verified over time, not just at a snapshot
- Independent third-party examination of security, availability, and confidentiality
- Verified data protection and access control effectiveness
- SOC 2 Type II report available to enterprise clients under NDA on request
ISO/IEC 42001:2023
AI Management System
ISO/IEC 42001 is the international standard for AI Management Systems (AIMS) — the first globally recognised framework that defines how organisations should govern, develop, and operate AI responsibly. Certification demonstrates that AI-powered products and services are built with defined risk controls, explainability requirements, and continuous monitoring — not deployed as black boxes.
For enterprise AI procurement, ISO 42001 answers the accountability question that stalls most AI-in-operations deployments: when an AI system makes an automated decision on production infrastructure, who is responsible, and how is that decision audited? eCloudControl's ISO 42001 certification covers the ManageZ AIOps layer and the lowtouch.ai agentic platform — every automated decision is explainable, logged, and subject to defined risk controls.
What ISO 42001 covers
- AI risk assessment and impact evaluation
- Explainability and auditability of AI-driven decisions
- Responsible AI development lifecycle
- AI governance roles and accountability framework
- Continuous monitoring and incident response for AI systems
- Applies to ManageZ AIOps and lowtouch.ai agentic platform
Enterprise relevance
Regulated industries — financial services, healthcare, manufacturing — increasingly require suppliers to demonstrate AI governance. ISO 42001 certification is accepted as evidence in AI procurement due diligence and RFP vendor questionnaires.
What These Certifications Mean in Practice
ISO/IEC 27001:2022 is the internationally recognised standard for Information Security Management Systems (ISMS). Certification means eCloudControl has implemented a systematic, risk-based approach to protecting client data — covering people, processes, and technology across the entire organisation. The 2022 revision introduced updated Annex A controls specifically addressing cloud security, supplier relationships, and threat intelligence, all directly relevant to eCloudControl's managed cloud and platform engineering services.
For enterprise procurement teams, ISO 27001 certification is often a mandatory vendor requirement in sectors such as financial services, healthcare, insurance, and government. It signals that information security is managed systematically — not ad hoc — and that controls are subject to regular internal audits and external surveillance reviews by an accredited certifying body.
Together, ISO 27001 and SOC 2 Type II give clients dual-layer assurance: ISO 27001 confirms the management system is sound; SOC 2 Type II confirms the operational controls protecting your data actually worked throughout the audit period. This combination is increasingly required by enterprise legal and security review teams during vendor onboarding, particularly for engagements involving production infrastructure access, data pipelines, or 24/7 managed cloud operations.
Clients who need to demonstrate to their own auditors or regulators that their cloud vendors meet security standards can reference both certifications in third-party risk assessments. They are most relevant when evaluating our ManageZ managed SRE service, which operates continuously on client production infrastructure. We provide certification letters and audit scope summaries to enterprise clients on request.
Compliance FAQ
- What is the difference between SOC 2 Type I and SOC 2 Type II?
- A Type I report assesses whether controls are suitably designed at a specific point in time. A Type II report goes further — an independent auditor tests whether those controls operated effectively over a full audit period (typically 6–12 months). Type II is the standard required by most enterprise procurement and vendor risk teams.
- Which industries do ISO 27001 and SOC 2 Type II cover?
- These certifications are accepted across financial services, healthcare, insurance, edtech, and technology. They are commonly required as part of vendor qualification in HIPAA-adjacent environments, FCA-regulated firms, and organisations subject to GDPR or their own client audit requirements.
- Does eCloudControl hold ISO 42001 certification?
- Yes. eCloudControl also holds ISO/IEC 42001, the international standard for AI Management Systems. This covers governance, risk management, and responsible use of AI across our AI-powered products, including lowtouch.ai and the AIOps capabilities in ManageZ.
- How can I obtain compliance documentation for a vendor assessment?
- Enterprise clients and prospects can request certification letters, audit scope summaries, and supporting documentation by emailing info@ecloudcontrol.com. Detailed audit reports are shared under NDA.
For compliance documentation or audit evidence, contact info@ecloudcontrol.com