Sidetrade Achieves SOC 1 and SOC 2 Type II Certifications
The specialist in artificial intelligence applications for Order-to-Cash announces that it has obtained SOC 1 Type II and SOC 2 Type II assurance reports issued by EY France, as well as the renewal of its ISO/IEC 27001:2022 certification. These certifications aim to attest to the reliability of its internal controls and the security of its information systems.
Confirmation of Effective Internal Controls
According to the group, the SOC 1 Type II and SOC 2 Type II reports confirm that its internal controls have operated effectively over the audited period, with no anomalies found. The SOC process provides independent assurance on the design and operational effectiveness of internal controls. The company indicates that these results were achieved in the context of integrating acquisitions, expanding its global presence, and introducing new agent-based AI capabilities. Concurrently, the ISO/IEC 27001:2022 certification attests to the compliance of the group's information security management system with international standards, with no significant non-conformities identified. Sidetrade notes that it has been ISO 27001 certified since 2019 and transitioned to the 2022 version of the standard in 2025.
Assurance for Regulatory Compliance
According to the press release, the SOC 1 Type II report provides an assurance mechanism for companies subject to the Sarbanes-Oxley Act or equivalent regulatory requirements, confirming the reliability of controls surrounding financial processes managed by software applications. The SOC 2 Type II report, increasingly demanded by American companies when evaluating their suppliers, offers independent assurance on security, availability, and confidentiality controls covering infrastructure and development operations. Laurent Pontier, the chief of staff to the technical director, states that the company designs its AI platform to meet the control standards expected in regulated environments. The ISO 27001 certification was issued by EY CertifyPoint.
Scope of Certified Information Security Management System
The scope of the ISO 27001:2022 certified information security management system explicitly includes the company's AI systems, including Aimie, its agent-based AI, the group indicates. The SOC 1 Type II report covers controls of applications supporting financial processes, while the SOC 2 Type II report examines organizational controls related to people, processes, and technologies. Although the SOC reports do not provide specific assurance dedicated to artificial intelligence, Sidetrade notes, its AI capabilities are developed according to the same security standards applied to its entire platform. The company asserts that it has designed its architecture on a principle of sovereignty, with proprietary infrastructures and data processing in a controlled environment, to meet GDPR requirements. These certifications also support, according to the press release, the group's preparedness for new regulatory frameworks, including the European regulation on artificial intelligence.
