At a glance
NEXT AI maintains a SOC 2 Type II report covering controls relevant to the Trust Services Criteria (Security and Availability). A Type II report tests the design and operating effectiveness of controls over a defined period. NEXT AI's report is the outcome of an audit performed by an independent third-party firm certified by the American Institute of CPAs (AICPA). The engagement was performed by Prescient Assurance LLC, TN.
What is SOC 2?
SOC 2 is an independent attestation examining controls at a service organization that are relevant to the protection and reliable processing of customer data. Reports are structured around the AICPA’s Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. AICPA & CIMA+1
Type I vs Type II
Type I: Were the controls designed appropriately at a specific point in time?
Type II: Were the controls designed and operating effectively over a period (commonly 3–12 months)?
This distinction helps buyers understand depth and durability of assurance.
Scope at NEXT AI
Controls mapped to relevant Trust Services Criteria (with security always included).
Technical safeguards include encryption, access control, logging/monitoring, vulnerability management, and incident response (see related security pages).
Organizational safeguards include background checks, training, vendor management, and documented policies/procedures.
How customers access the report
The SOC 2 Type II report (and any bridge letters, where applicable) is available to Enterprise customers and qualified Enterprise prospects under NDA. Contact NEXT AI’s team to request access.
FAQ
Q: Is NEXT AI SOC 2 Type II?
Yes. NEXT AI maintains a SOC 2 Type II report covering relevant Trust Services Criteria.
Q: What’s the difference between SOC 2 Type I and Type II?
Type I evaluates design of controls at a point in time; Type II evaluates design and operating effectiveness over a period.
Q: Which SOC 2 Trust Services Criteria does NEXT AI meet?
NEXT AI meets the Security and Availability, as defined by the AICPA’s criteria.
Q: How long is the Type II assessment period?
Common windows are 3, 6, 9, or 12 months, depending on readiness and audit scope.
Q: Can I see NEXT AI’s SOC 2 report?
Yes—available under NDA to Enterprise customers and qualified Enterprise prospects. Request access from NEXT AI.
Q: Does SOC 2 guarantee legal compliance (e.g., GDPR)?
No. SOC 2 provides assurance on controls; legal/regulatory compliance is assessed separately (see GDPR Commitment page for privacy law coverage.)
Q: What is a bridge letter and when is it used?
A bridge letter covers the period between the end of the audit window and the present, stating whether material changes occurred. It’s commonly provided alongside an in-period report.