Is Harmony SOC 2 Compliant?

Harmony is actively pursuing SOC 2 Type II and ISO 27001 certifications. While we are not yet certified, we have already implemented the security controls and processes required by both frameworks, and our formal audit process is underway.

What is SOC 2?

SOC 2 (Service Organization Control) is the gold standard for SaaS security. It evaluates a company based on five Trust Services Criteria. Harmony is pursuing certification across:

  • Security: Protection against unauthorized access.
  • Availability: Ensuring the system is reliable and accessible.
  • Confidentiality: Protecting sensitive data.

What is ISO 27001?

ISO 27001 is the leading international standard for Information Security Management Systems (ISMS). It provides a systematic approach to managing sensitive company and customer information through risk assessment, security controls, and continuous improvement. Achieving ISO 27001 certification demonstrates that an organization has established a comprehensive, independently verified security management framework.

Where we are today

Although the formal certifications are still in progress, we have already put the foundational work in place:

  • Security controls implemented — Our infrastructure, access management, encryption, and incident response processes are built to meet SOC 2 and ISO 27001 requirements.
  • Policies and procedures documented — We maintain a full set of information security policies aligned with both frameworks.
  • Independent audit in progress — We are working with a qualified third-party auditor to complete the certification process.
  • Continuous monitoring active — Automated systems track our infrastructure compliance 24/7.

We will update this page as soon as our certifications are finalized. If you need documentation on our current security posture for a vendor review, please reach out to our security team.

Requesting security documentation

While the final SOC 2 report and ISO 27001 certificate are not yet available, we can provide supporting documentation for your vendor assessment.

To request documentation:

  1. Email security@heyharmony.com.
  2. Include your company name and the reason for the request (e.g., Vendor Risk Assessment).
  3. Our security team will share the relevant materials within 2 business days.

Other compliance commitments

Alongside SOC 2 and ISO 27001, Harmony is committed to maintaining full compliance with GDPR, the European data privacy regulation.

Continuous improvement

Security is not a one-time checklist — it is an ongoing commitment.

  • Daily Monitoring: Automated systems track our infrastructure compliance 24/7.
  • Penetration Testing: Regular ethical hacking exercises by independent cybersecurity firms to identify vulnerabilities.
  • Annual Re-certification: Once certified, we will undergo full third-party audits every 12 months to maintain our certifications.