Confident LIMS + SOC 2 Type 1 and Type 2

Confident Color_Main.png

CC Software LLC (dba Confident LIMS)

Last Updated Date: 2025-09-22

Introduction

Confident LIMS is a Laboratory Information Management System developed by CC Software LLC (“Confident”) for use in regulated laboratory environments. This document provides a readiness assessment by Confident of Confident’s compliance with the AICPA SOC 2 Type 1 and Type 2 frameworks. This readiness assessment reflects our internal evaluation of the operating effectiveness of controls related to security, availability, confidentiality, processing integrity, and privacy, over the period 2025-01-01 to the Last Updated Date above.

A SOC 2 Type 1 report evaluates the design and implementation of controls at a point in time. Confident has implemented policies, procedures, and technical safeguards aligned with the Trust Services Criteria and considers itself ready for third-party audit if requested in the future.

Trust Services Criteria Alignment

Security: Access is restricted to authorized users, monitored, and protected by authentication and encryption controls.
Availability: Systems are hosted on secure, redundant infrastructure with backup and recovery processes.
Confidentiality: Sensitive customer data is protected via encryption, access controls, and confidentiality agreements.
Processing Integrity: Systems are designed and validated to process data accurately, reliably, and in accordance with documented requirements.
Privacy: Customer data is collected, stored, and used only in accordance with privacy commitments.

A SOC 2 Type 2 report evaluates the ongoing operation of controls across a defined period of time. While no third-party audit has been conducted, Confident has internally reviewed its controls and monitoring evidence and considers them to have been operating effectively during the period noted.

Trust Services Criteria Alignment

Security: Access to systems and data is restricted, logged, monitored, and reviewed. Security events are tracked and managed through incident response procedures.
Availability: Systems are operated with monitoring, redundancy, and backup protocols to ensure continuous availability.
Confidentiality: Confidential customer information is handled securely, with access limited to authorized personnel under strict policies.