Aegisys Cloud Solutions
SOC 2 cybersecurity compliance
SOC 2 Type II Certified MSP — Canada

Your MSP Has Privileged Access to Your Business. We've Proven We Deserve It.

Aegisys is one of the few SOC 2 Type II certified Managed Service Providers in Canada — independently audited, Canadian data centres, 25+ years of earned trust.

Request a free risk assessmentWhat is SOC 2 Type II?
  • Independent third-party audited annually
  • Continuous monitoring & threat detection
  • 100% Canadian data — Sudbury data centres
  • 25+ years protecting Canadian organizations

Understanding SOC 2

What SOC 2 Means

SOC 2 Type II is a rigorous audit process developed by the AICPA. It evaluates whether a service organization's controls meet the Trust Service Criteria — and crucially, whether those controls worked consistently over time, not just on audit day.

Unlike a Type I audit (a single point-in-time snapshot), a Type II audit covers a defined monitoring period — typically 6 to 12 months — and tests operational effectiveness continuously.

Why Type II matters

Anyone can pass a single-day check. SOC 2 Type II proves that security controls are consistently enforced over months — not just documented, but actively working.

The Five Trust Service Criteria

Security

Mandatory

The only mandatory criteria. Ensures systems are protected against unauthorized access — both physical and logical.

Confidentiality

Data designated as confidential is protected as committed. Encryption, access controls, and secure disposal.

Privacy

Personal information is collected, used, retained, and disclosed in conformity with privacy commitments.

Availability

Systems are available for operation and use as committed. Uptime, disaster recovery, and incident handling.

Processing Integrity

System processing is complete, valid, accurate, timely, and authorized to meet the entity's objectives.

The Process

Three Phases of SOC 2 Certification

SOC 2 Type II compliance is achieved through a multi-phase process that includes a readiness assessment, internal control implementation, and a detailed audit by a certified third-party auditor.

1

Readiness Assessment

Aegisys received third-party guidance to evaluate existing controls. Our team documented all internal processes, procedures, tools, and systems — identifying gaps and preparing for the formal audit.

2

Audit Process

A verified third-party auditor examined all processes, procedures, tools, and systems over a defined monitoring period. Control samples were selected and tested to confirm that policies are enforced, documented, and traceable.

3

Documentation & Official Report

A verification report was created confirming Aegisys is SOC 2 Type II compliant. The report confirms all Trust Service Criteria have been met and is available to clients under a non-disclosure agreement.

Why It Matters

What a SOC 2 Type II MSP actually means for you

Your MSP manages privileged access to your environment. SOC 2 Type II certification means that access is controlled, audited, and proven to be managed responsibly — not just promised.

Independently audited — not self-certified

Our controls are assessed annually by a third-party CPA firm. Not a checklist we fill out ourselves — a verified opinion that covers real control samples from a real monitoring period.

Your auditors will be satisfied

For organizations in healthcare, finance, or legal services, an MSP's SOC 2 Type II report is often required evidence for your own compliance programs. We make the report available on request.

Documented processes — every time

SOC 2 requires repeatable, documented procedures for monitoring, incident response, and change management. When something goes wrong, there's a clear record and a clear plan.

Full visibility into how your data is managed

We don't just claim to protect your data. We can show you how: access controls, encryption standards, audit trails, and data residency commitments — all documented and auditor-reviewed.

Security that improves each year

Annual audits create accountability. Each cycle, control gaps are identified and closed. You benefit from a security program that continuously tightens, not one that stays static.

Only 5% of MSPs Worldwide Hold SOC 2 Type II Certification

Aegisys Cloud Solutions is part of that select group. Our SOC 2 Type II certification — renewed annually — reaffirms our commitment to the highest standards of IT security, privacy, and operational accountability for every client we serve.

Top 5%

of MSPs worldwide

SOC 2 Type II certified

Powered by Drata

Verify our compliance posture — independently.

Our Aegisys Trust Centre gives you on-demand access to the documentation behind our SOC 2 Type II certification — no sales call required. Review our audit reports, pentest results, and self-assessments directly.

Visit our Trust CentreWhat's in the Trust Centre

Available documents

SOC 2 Type II Report
SOC 3 Public Report
Penetration Test Report
CAIQ Self-Assessment
HECVAT Full
Master Services Agreement

Some documents require a verified request. Visit the Trust Centre portal to request access.

FAQ

SOC 2 Type II — Frequently Asked Questions

Ready to get started?

See how a SOC 2 certified MSP protects your business

We'll review your environment, identify your highest-priority risks, and show you exactly what certified managed IT looks like in practice — no long-term commitment required.

Request a free risk assessment(705) 222-3652

Prefer email?

info@aegisys.com

Toll-Free

1-866-961-1805

Headquarters

Sudbury, Ontario

Headquarters in Sudbury • Remote technicians in Brockville and Newmarket