News and events
News and events
Happydance achieves SOC 2 Type 2
Happydance has received its SOC 2 Type 2 report, independently audited by A-LIGN.
The report covers the Security and Availability Trust Services Criteria and was issued with a clean opinion and no exceptions across every control tested.
SOC 2 is a widely recognized security framework developed by the American Institute of Certified Public Accountants (AICPA). It evaluates how a technology company protects customer data based on five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
“Congratulations to Happydance for completing their SOC 2 audit, a widely recognized signal of trust and security,”said Steve Simmons, COO of A-LIGN. “It’s great to work with organizations like Happydance, who understand the value of expertise in driving an efficient audit and the importance of a high-quality final report.”
There are two types of SOC 2 reports. A Type 1 report confirms that security controls are properly designed at a specific point in time. A Type 2 report goes further. It examines whether those controls operated effectively over a sustained period, in our case, six months.
A-LIGN audited Happydance over the period July 1, 2025, to December 31, 2025. The audit and report covered two Trust Services Criteria:
Security confirms that the systems and data within Happydance’s platform are protected against unauthorized access, both physical and logical. This includes access controls, encryption, network security, vulnerability management, incident response, and change management.
Availability confirms that the platform is available for operation and use as committed. This covers capacity monitoring, backup and recovery, disaster recovery planning, and business continuity.
The audit resulted in a clean opinion with no exceptions noted. No significant system changes and no significant incidents occurred during the audit period.
“This is a meaningful milestone for Happydance and for the customers who trust our platform. SOC 2 Type 2 gives procurement, information security, and data protection teams independent evidence that our controls have operated effectively over time. It sits alongside ISO 27001 and reflects the standards we expect of ourselves as an enterprise careers website platform.” Jim Taylor, Managing Director, Happydance.
SOC 2 Type 2 sits alongside Happydance’s wider security and compliance standards, including:
-
ISO/IEC 27001:2022, certified by BSI, certificate IS 827210, covering our entire SaaS careers website platform
-
Cyber Essentials, certified for 2025, covering the whole organization
-
GDPR and UK GDPR alignment, with Data Processing Agreements in place with all sub-processors
For Happydance, compliance is more than a point-in-time achievement. These certifications reflect the operational standards behind how we build, run, and protect our platform.
The SOC 2 Type 2 report is a restricted-use document and is available to customers and prospects under NDA. To review the report as part of your due diligence process, please contact your Happydance representative or request access through our team.
-Ends-
Frequently Asked Questions
What does SOC 2 Type 2 mean?
SOC 2 Type 2 is an independent audit that tests whether a company’s security controls operated effectively over a sustained period. For Happydance, the audit covered a six-month period from July 1, 2025, to December 31, 2025.
Who audited Happydance’s SOC 2 Type 2 report?
Happydance’s SOC 2 Type 2 report was independently audited by A-LIGN.
What did the Happydance SOC 2 Type 2 report cover?
The report covered the Security and Availability Trust Services Criteria. These include areas such as access controls, encryption, network security, vulnerability management, incident response, change management, capacity monitoring, backup and recovery, disaster recovery planning, and business continuity.
What was the outcome of the SOC 2 Type 2 audit?
Happydance received a clean opinion with no exceptions noted across every control tested.
Why does SOC 2 Type 2 matter for Happydance customers?
SOC 2 Type 2 gives customers and prospects independent reassurance that Happydance’s platform is run securely and reliably. It is especially relevant for procurement, information security, and data protection teams carrying out vendor due diligence.
Can customers review Happydance’s SOC 2 Type 2 report?
Yes. The SOC 2 Type 2 report is a restricted-use document and is available to customers and prospects under NDA as part of the due diligence process.
Does SOC 2 Type 2 replace ISO 27001?
No. SOC 2 Type 2 and ISO 27001 are complementary. Together, they provide independent assurance around how Happydance manages information security, operational controls, and platform risk.
How can procurement or security teams request the report?
Customers and prospects can request access through their Happydance contact. The report is available under NDA as part of the due diligence process.
What other security certifications does Happydance hold?
Happydance is ISO/IEC 27001:2022 certified by BSI, Cyber Essentials certified for 2025, and aligned with GDPR and UK GDPR requirements, with Data Processing Agreements in place with all sub-processors.
