Provide SOC 2 Type II conformance attestation in addition to ISO27001 certification

The gold standard for compliance is a third-party audit report. Telling us only that you passed leaves open the question of "By how many points?" Are we talking about A- or D- here?

I'm doing my company's service provider review at present, and not getting the answers I need, in order to tell management they are ok to use your product. If all you have or wish to have is your ISO audit, you ought to be able to share it under NDA.

Thank you for providing your feedback!

Aha! maintains an ISO 27001 certified ISMS and we have intentionally chosen ISO 27001 certification above SOC2 assessment for its international recognition and comprehensive scope. We provide information about our security program at https://www.aha.io/legal/security and our ISO 27001 certificate is available at https://www.aha.io/aha_iso27001_certificate.pdf.

Our annual third party ISO 27001 audits cover both the information security management system itself as well as control audits (similar to a SOC2 audit) against our selected ISO 27002 controls. We will provide our ISO 27001 Statement of Applicability upon request so that you can see which controls we are audited against. A detailed description of these controls is included in our CAIQ response at https://cloudsecurityalliance.org/star/registry/aha/.

We currently do not have plans to add SOC2 assessment in addition to our ISO 27001 certification. We will continue to monitor customer feedback in this area and consider it in the future.