Qube Passes SOC 2 Type II Audit for the Third Consecutive Year
Qube has passed its most recent SOC 2 Type II audit. For the third consecutive year, an independent auditor reviewed our controls, processes, and infrastructure and found them consistent with high standards for the security and protection of data. Our audit was scoped to the Security Trust Services Criteria.
Audit Scope: Real-World Validation
While the SOC 2 Type II observation period mostly covered the last 12 months, this report effectively provides coverage through the end of 2026 and into 2027. With respect to our operations, the focus was not only if our controls were defined, but on whether they were followed consistently across the company.
Auditors rigorously assessed the following critical control domains:
Access controls
Encryption
Change management
Network monitoring
Incident response
Each control was evaluated using evidence from day-to-day operations rather than assessed in preparation for the audit. Logs, tickets, communications, and workflows were evaluated for completeness and timeliness against those live operating conditions.
How Qube Delivered
Sustaining this result required cross-functional collaboration between IT, HR, Finance, Development, and Operations throughout the full audit period. The goal was not only compliance, but processes that are auditable and effective under real operating conditions.
Qube continued to invest in automation to monitor critical controls, track verifiable evidence, and reduce the risk of human error. Because the controls and workflows from our 2024 audit were maintained and refined throughout 2025, this year's examination built on an established foundation rather than a rebuilt one.
Outcome: Confidence for Customers
The result is a clean SOC 2 Type II opinion with no material exceptions. For operators deploying Qube's continuous methane monitoring, this offers assurance that their data is protected, intact, and available. For regulators and investors, it provides third-party validation that Qube's internal systems align with leading compliance frameworks.
“Passing the SOC 2 audit for the third consecutive year means something more than the first,” said Greg Taylor, Qube’s Chief Technology Officer. "It tells you the controls are a sustained foundation of how the organization operates. I'm proud of the team here at Qube who have made that consistency possible."
For customers, the outcome is clear: you can deploy Qube’s continuous monitoring solutions with confidence that your data remains protected, intact, and available whenever you need it.
Looking Ahead
Qube is committed to managing its platform and operations in a SOC 2 compliant manner year-round. We view this certification as a foundation for sustained operational excellence and growth. We thank our team for making this milestone possible and our customers for entrusting us with their data.
FAQ: SOC 2 and What It Means for Qube’s Customers
-
The American Institute of Certified Public Accountants (AICPA) developed SOC 2 (System and Organization Controls 2) as an auditing framework for managing customer data. It establishes criteria across five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. An independent third-party auditor conducts the examination and issues an opinion on whether a company's controls meet those criteria.
-
A Type I audit evaluates whether a company's controls are suitably designed at a single point in time. A Type II audit examines whether those controls operated effectively over an extended period, typically 12 months. Type II is the more rigorous standard, and the one Qube holds.
-
Any company that stores, processes, or transmits customer data has an obligation to protect it. SOC 2 provides a structured, independently verified way to demonstrate that obligation is being met.
For industrial operators who share emissions data, operational performance metrics, or site-level sensor data with a software provider, SOC 2 certification is a meaningful signal that the provider has defined and tested controls around how that data is handled.
In regulated industries, this matters for internal audits, procurement processes, and vendor risk management. Many enterprise customers now require SOC 2 Type II certification as a baseline condition for engaging with software vendors.
-
Annually. Each audit covers the prior 12-month period, so Qube's certification is based on sustained performance rather than a point-in-time snapshot. Customers can request a copy of Qube's SOC 2 report under NDA by contacting their account representative.
-
Yes. The controls evaluated during the audit govern how data is ingested, stored, accessed, and transmitted within Qube's platform. Access is restricted to authorised personnel, data is encrypted in transit and at rest, and changes to systems go through formal change management processes. They are operating procedures reviewed and validated each year.