BBlix· Trust Centre
All systems operational

Blix
Trust Centre

Swise company

Certifications

Independently audited

Click any certification to see its scope, auditor and report access.

SOC 2

SOC 2

Audited 1 Jul 2026

AICPA Trust Services Criteria audit covering security, availability, processing integrity, confidentiality and privacy. Designed for SaaS and FinTech service providers — particularly those selling to North American enterprises.

Issuer: Amaru ISO · Last audit: 1 Jul 2026 · Valid until: 31 Aug 2026

No documents attached.

Controls

4 Context of the organization (Mandatory Clause)

  • 4.1 Understanding the organization and its context
  • 4.2 Understanding the needs and expectations of interested parties
  • 4.3 Determining the scope of the information security management system
  • 4.4 Information security management system

5 Leadership (Mandatory Clause)

  • 5.2 Policy
  • 5.3 Organizational roles, responsibilities and authorities
  • 5.1 Leadership and commitment

6 Planning (Mandatory Clause)

  • 6.1.1 General - Actions to address risks and opportunities
  • 6.1.3 Information security risk treatment: Actions to address risks and opportunities
  • 6.1.2 Information security risk assessment: Actions to address risks and opportunities
  • 6.3 Planning of changes
  • 6.2 Information security objectives and planning to achieve them

7 Support (Mandatory Clause)

  • 7.4 Communication
  • 7.1 Resources
  • 7.5.1 General - Documented information
  • 7.5.3 Control of documented information - Documented information
  • 7.2 Competence
  • 7.3 Awareness
  • 7.5.2 Creating and updating - Documented information

9 Performance evaluation (Mandatory Clause)

  • 9.3.2 Management review inputs - Management review
  • 9.1 Monitoring, measurement, analysis and evaluation
  • 9.3.3 Management review results - Management review
  • 9.3.1 General - Management review
  • 9.2.2 Internal audit programme - Internal audit
  • 9.2.1 General -Internal audit

8 Operation (Mandatory Clause)

  • 8.3 Information security risk treatment
  • 8.1 Operational planning and control
  • 8.2 Information security risk assessment

5 Organizational Controls (Sec Control)

  • 5.3 Segregation of duties (Sec Control)
  • 5.2 Information security roles and responsibilities (Sec Control)
  • 5.7 Threat intelligence (Sec Control)
  • 5.11 Return of assets (Sec Control)
  • 5.25 Assessment and decision on in- formation security events (Sec Control)
  • 5.20 Addressing information security within supplier agreements (Sec Control)
  • 5.34 Privacy and protection of personal identifiable information (PII) (Sec Control)
  • 5.17 Authentication information (Sec Control)
  • 5.4 Management responsibilities (Sec Control)
  • 5.1 Policies for information security - (Sec Control)
  • 5.5 Contact with authorities (Sec Control)
  • 5.12 Classification of information (Sec Control)
  • 5.9 Inventory of information and other associated assets (Sec Control)
  • 5.18 Access rights (Sec Control)
  • 5.16 Identity management (Sec Control)
  • 5.14 Information transfer (Sec Control)
  • 5.6 Contact with special interest groups (Sec Control)
  • 5.8 Information security in project management (Sec Control)
  • 5.27 Learning from information security incidents (Sec Control)
  • 5.19 Information security in supplier relationships (Sec Control)
  • 5.13 Labelling of information (Sec Control)
  • 5.36 Compliance with policies, rules and standards for information security (Sec Control)
  • 5.10 Acceptable use of information and other associated assets (Sec Control)
  • 5.24 Information security incident management planning and preparation (Sec Control)
  • 5.33 Protection of records (Sec Control)
  • 5.22 Monitoring, review and change management of supplier services (Sec Control)
  • 5.29 Information security during disruption (Sec Control)
  • 5.35 Independent review of information security (Sec Control)
  • 5.32 Intellectual property rights (Sec Control)
  • 5.37 Documented operating procedures (Sec Control)
  • 5.31 Legal, statutory, regulatory and contractual requirements (Sec Control)
  • 5.26 Response to information security incidents (Sec Control)
  • 5.28 Collection of evidence (Sec Control)
  • 5.30 ICT readiness for business continuity (Sec Control)
  • 5.15 Access control (Sec Control)
  • 5.21 Managing information security in the ICT supply chain (Sec Control)
  • 5.23 Information security for use of cloud services (Sec Control)

10 Improvement (Mandatory Clause)

  • 10.2 Nonconformity and corrective action
  • 10.1 Continual improvement

8 Technological controls (Sec Control)

  • 8.13 Information backup (Sec Control)
  • 8.2 Privileged access rights (Sec Control)
  • 8.17 Clock synchronization (Sec Control)
  • 8.8 Management of technical vulnerabilities (Sec Control)
  • 8.29 Security testing in development and acceptance (Sec Control)
  • 8.3 Information access restriction (Sec Control)
  • 8.27 Secure system architecture and engineering principles (Sec Control)
  • 8.16 Monitoring activities (Sec Control)
  • 8.31 Separation of development, test and production environments (Sec Control)
  • 8.32 Change management (Sec Control)
  • 8.20 Networks security (Sec Control)
  • 8.24 Use of cryptography (Sec Control)
  • 8.22 Segregation of networks (Sec Control)
  • 8.25 Secure development life cycle (Sec Control)
  • 8.15 Logging (Sec Control)
  • 8.26 Application security requirements (Sec Control)
  • 8.7 Protection against malware (Sec Control)
  • 8.9 Configuration management (Sec Control)
  • 8.21 Security of network services (Sec Control)
  • 8.6 Capacity management (Sec Control)
  • 8.28 Secure coding (Sec Control)
  • 8.18 Use of privileged utility programs (Sec Control)
  • 8.1 User end point devices (Sec Control)
  • 8.19 Installation of software on operational systems (Sec Control)
  • 8.23 Web filtering (Sec Control)
  • 8.11 Data masking (Sec Control)
  • 8.4 Access to source code (Sec Control)
  • 8.10 Information deletion (Sec Control)
  • 8.34 Protection of information systems during audit testing (Sec Control)
  • 8.12 Data leakage prevention (Sec Control)
  • 8.30 Outsourced development (Sec Control)
  • 8.5 Secure authentication (Sec Control)
  • 8.14 Redundancy of information processing facilities (Sec Control)
  • 8.33 Test information (Sec Control)

7 Physical Controls (Sec Control)

  • 7.4 Physical security monitoring (Sec Control)
  • 7.13 Equipment maintenance (Sec Control)
  • 7.2 Physical entry (Sec Control)
  • 7.8 Equipment siting and protection (Sec Control)
  • 7.12 Cabling security (Sec Control)
  • 7.14 Secure disposal or re-use of equipment (Sec Control)
  • 7.1 Physical security perimeters (Sec Control)
  • 7.3 Securing offices, rooms and facilities (Sec Control)
  • 7.7 Clear desk and clear screen (Sec Control)
  • 7.6 Working in secure areas (Sec Control)
  • 7.5 Protecting against physical and environmental threats (Sec Control)
  • 7.10 Storage media (Sec Control)
  • 7.11 Supporting utilities (Sec Control)
  • 7.9 Security of assets off-premises (Sec Control)

6 People Controls (Sec Control)

  • 6.3 Information security awareness, education and training (Sec Control)
  • 6.7 Remote working (Sec Control)
  • 6.8 Information security event reporting (Sec Control)
  • 6.5 Responsibilities after termination or change of employment (Sec Control)
  • 6.2 Terms and conditions of employment (Sec Control)
  • 6.4 Disciplinary process (Sec Control)
  • 6.1 Screening (Sec Control)
  • 6.6 Confidentiality or non-disclosure agreements (Sec Control)
Compliance scope

Which products are covered?

ProductSOC 2
Weapp
FAQ

Common questions

FAQ 1
test 1
Are you ISO certified company ?
Yes, we are ISO certified company

Request access