SOC 2 Readiness

PayCal Technologies operates a SOC 2-aligned security program with programmatically enforced controls, continuous evidence generation, and traceable audit trails.

Readiness Status

  • Readiness: SOC 2 readiness in progress
  • Controls: CC1–CC9 mapped
  • Evidence bundle: generated daily at 03:00 UTC
  • Freshness window: 35-day artifact retention policy
  • Audit trail: immutable ledger validation active

Control Coverage (CC1–CC9)

All SOC 2 Common Criteria controls in scope — CC1 through CC9 — are mapped to retained evidence in the monthly bundle.

Each control objective is linked to concrete artifacts, enabling direct traceability for internal review and external audit preparation.

Security Enforcement Model

PayCal treats security controls as system properties, not documentation. Enforcement is programmatic and verifiable.

  • Passkey-capable authentication flow for phishing-resistant access control
  • Runtime integrity monitoring with operational state handling and anomaly capture
  • Guardian sanitization controls on sensitive output and DOM paths
  • Full-suite PHPUnit gate required before compliance bundle finalization

Evidence and Continuous Monitoring

Evidence exports run automatically every day. Each bundle includes control mappings, artifact records, and test evidence.

Monthly bundle archives are retained and linked to an auditor index for direct artifact retrieval during review.

Scope Clarification

PayCal Technologies has not yet completed a formal SOC 2 audit. No SOC 2 certification or auditor opinion is represented on this page.

Formal report materials, including the auditor index and bundle artifacts, are available under an NDA request workflow.

Report Access

Qualified organizations conducting vendor due diligence or security reviews may request access to the full audit package.
