PhotonPay has completed its SOC 2 Type I audit, adding to existing ISO 27001 and PCI DSS Level 1 certifications.
The audit was conducted in accordance with standards set by the American Institute of Certified Public Accountants (AICPA). A SOC 2 Type I assessment evaluates whether an organisation's systems and controls are suitably designed to meet defined criteria across security, availability, and confidentiality at a specific point in time. The completion of this audit provides PhotonPay's clients and partners with documented assurance regarding how their data is managed.
Expanding an existing compliance framework
The SOC 2 Type I certification joins PhotonPay's existing portfolio of security standards, which includes ISO 27001 and PCI DSS Level 1 certifications. Together, these frameworks address data security management, payment card data protection, and now third-party assurance over internal controls design.
According to the company, data at rest and in transit is secured through encryption, and an AI-driven risk engine is used to monitor and flag potentially fraudulent activity at each stage of the payment process. For businesses operating cross-border payment infrastructure, compliance with internationally recognised security standards carries practical significance. Institutional clients, regulated partners, and enterprise customers increasingly require documented evidence of control frameworks before onboarding payment service providers, particularly those handling sensitive financial data across multiple jurisdictions.
Next steps: Type II assessment
PhotonPay has indicated it intends to proceed with a SOC 2 Type II audit. Unlike the Type I assessment, which evaluates control design at a point in time, a Type II audit examines the operational effectiveness of those controls over a defined period, typically ranging from six to 12 months. Completion of a Type II audit would provide a more comprehensive basis for third-party assurance.
The company's compliance activities reflect broader trends in the payments industry, where regulatory scrutiny and enterprise procurement standards are driving providers to pursue layered certification programmes. For fintechs and payment infrastructure firms operating globally, maintaining alignment with frameworks such as SOC 2, ISO 27001, and PCI DSS has become a practical requirement for market access and partner integration.