SOC 2 Type II Attestation
SOC 2 Type II: Our Commitment to Operational Excellence
At Magic Leap, we don’t just say we are secure—we prove it through independent, rigorous testing. In addition to our ISO certifications, we maintain a SOC 2 Type II Attestation Report, providing our partners with an objective look at how we protect their most sensitive data.
What is a SOC 2 Type II Report?
Developed by the American Institute of Certified Public Accountants (AICPA), a SOC 2 (System and Organization Controls) Type II report is the industry standard for service organizations.
Unlike a "Type I" report, which only looks at a point in time, a Type II report evaluates the effectiveness of our security controls over an extended period (typically 6–12 months). An independent third-party auditor examines our systems to ensure we are consistently meeting the "Trust Services Criteria" for Security, Availability, and Confidentiality.
What This Means for Magic Leap
A SOC 2 Type II report is a deep dive into our daily operations. For us, it means:
- Operational Transparency: We provide a "look under the hood" at our internal processes, from how we hire employees to how we encrypt data and manage server access.
- Proven Reliability: It confirms that our security practices aren't just policies on paper—they are functioning effectively every single day.
- Strict Oversight: We are held accountable by elite independent auditors who verify our compliance with industry-leading security benchmarks.
Why We Pursue SOC 2 Type II
We undergo this intensive audit annually for three primary reasons:
- Unmatched Assurance: It provides our customers—especially those in highly regulated industries—with the highest level of confidence in our operational integrity.
- Continuous Monitoring: The audit process helps us identify opportunities to further harden our infrastructure and refine our internal workflows.
- Efficiency in Partnership: By providing a comprehensive SOC 2 report, we save our customers time during their vendor due diligence and risk assessment processes.
How to Request Our SOC 2 Type II Report
Due to the sensitive nature of the detailed architectural and operational information contained in the report, it is shared only under a Non-Disclosure Agreement (NDA).
To request a copy for your compliance team, please follow these steps:
- Submit a Request: Send an email to InfoSec@magicleap.com with the subject line: SOC 2 Report Request – [Your Company Name].
- Verification: Our Information Security team will verify your active partnership or pending contract status.
- Sign the NDA: If a valid NDA is not already on file, we will send a digital document for your authorized signatory to complete.
- Secure Delivery: Once the NDA is executed, we will email securely the latest report and a bridge letter, if necessary.