
Nocoly has successfully completed its SOC 2 Type I audit, with Ernst & Young (EY) — one of the world’s “Big Four” accounting firms — serving as the independent auditor and issuing a formal report. Building on a long-standing commitment to systematic information-security management, this marks another internationally recognized endorsement of Nocoly’s security and compliance posture.
What is SOC 2
SOC 2 (Service Organization Control 2) is an information-security auditing standard developed by the American Institute of Certified Public Accountants (AICPA) for cloud and SaaS providers. Internationally, it is widely used as a benchmark for whether a service provider can be trusted with customer data. It evaluates a provider’s internal controls against five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
SOC 2 comes in two types:
- Type I: at a specific point in time, the auditor evaluates whether the design of the provider’s security controls is sound and has been implemented.
- Type II: additionally examines whether those controls operate effectively over an extended period.
Nocoly has obtained the Type I report, with an audit-as-of date of 31 May 2026. EY independently reviewed Nocoly’s information security management system and issued the report, which is valid for 12 months and renewed on an annual basis.
What this means for you
Nocoly takes a systematic approach to information security, operating an Information Security Management System (ISMS) that spans access control, data protection, change management, operations security, and incident response — turning day-to-day security practices into executable, auditable controls. The SOC 2 Type I audit is an independent third party’s confirmation that this system is soundly designed and has been put into practice. For customers, this delivers three concrete assurances:
- Greater confidence in entrusting your data: access, encryption, isolation, and backup of customer data operate within a documented, traceable framework, independently verified by a third party.
- Lower evaluation and procurement cost: for enterprise security due diligence, a SOC 2 report issued by a Big Four firm significantly reduces repetitive questionnaires and manual evidence-gathering.
- A foundation for continuous improvement: systematic security governance is not a one-time checkbox but an ongoing practice, laying the groundwork for future capability upgrades.
What’s next
As our security program continues to operate, Nocoly will pursue SOC 2 Type II, in which the auditor assesses the sustained effectiveness of controls over a continuous period — advancing from “well-designed” to “consistently effective.”
Information security has no finish line. Nocoly will keep investing to put every customer’s data security first and to deliver a trustworthy low-code platform, reliably and over the long term.
Enterprise customers who would like details of our SOC 2 report can reach us via our website or your account consultant.

