flyability_logo_horizontal_white_trimmed
flyability_logo_horizontal_white_trimmed
Contact us
  1. Blog >
  2. Inspector Online and SOC 2®: What It Means for Your Data...

Inspector Online and SOC 2®: What It Means for Your Data Security 

Enterprise and government organizations rely on Flyability drones to perform inspections in some of the most challenging environments — from confined industrial assets to critical infrastructure. These operations generate large volumes of data that need to be stored, shared, and analyzed in the cloud.

As a result, a key question arises: how secure is the platform managing that data?

To strengthen the security of its cloud offering, Flyability has completed a SOC 2 Type II audit. This is an important milestone — but also a concept that is not always clearly understood outside of IT and security teams.

This article explains what SOC 2 is, what it actually tells you about a cloud platform, and why it matters when evaluating Inspector Online for managing Elios 3 data — especially in organizations where IT, cybersecurity, or procurement teams are involved in vendor review

For many teams, this is not only about security posture itself, but also about making internal approval of a cloud platform more straightforward.

What is SOC 2? 

System and Organization Controls (SOC) is a suite of reporting frameworks developed by the American Institute of Certified Public Accountants (AICPA). SOC 2® is one of these frameworks and focuses on controls related to security, availability, processing integrity, confidentiality, and privacy.

 21972-312_SOC_NonCPA
 

Rather than testing a product itself, a SOC 2 audit examines how a service is operated — including areas such as access control, data protection, monitoring, and incident response.

At the end of the process, an independent auditor issues a report describing the system and providing an opinion on whether the controls in place meet defined criteria.

SOC 2 is not a certification. It is an attestation, meaning a third party has reviewed how the service operates and assessed its controls.

What a SOC Type II Audit Tells You

There are two types of SOC 2 reports. A Type I report looks at whether controls are properly designed at a specific point in time. A Type II report goes further.

With a SOC 2 Type II audit, the auditor evaluates not only the design of controls but also whether they are consistently applied over a period of time. This means looking at evidence — logs, processes, reviews — to verify that security practices are not just documented, but actually followed in day-to-day operations.

For someone evaluating a cloud platform, this distinction matters. It provides a higher level of confidence that the service is operated in a structured and repeatable way, rather than relying on ad hoc practices.

What did SOC 2 Assess at Flyability? 

Flyability’s SOC 2 audit focuses on the systems and processes that support its cloud services, including Inspector Online.

This includes:

  • The cloud infrastructure supporting the platform
  • The operational processes used to run and maintain the service
  • The security controls protecting the system and the stored data
  • The organizational processes that support secure operations

Like any SOC 2 report, the scope is defined: it is centered on the cloud platform and the elements that directly support it. It should not be interpreted as covering every aspect of the company, but rather the parts that are relevant to delivering the service securely.

What SOC 2 Does - and Does Not - Guarantee

It is tempting to interpret SOC 2 as a guarantee of security. In reality, no audit or framework can provide that level of certainty.

What SOC 2 does provide is independent assurance that appropriate controls are in place and operating as expected within the defined scope. It shows that a company has taken a structured approach to security, documented its practices, and subjected them to external review.

What it does not mean is that incidents are impossible, or that risk has been eliminated. Security is an ongoing process, and maintaining it requires continuous effort beyond any single audit.

Understanding this distinction is important when evaluating any cloud provider.

What it Means for Inspector Online

For users of Inspector Online, SOC 2 is relevant because it speaks to how the platform is operated behind the scenes.

Inspection data can be sensitive, operationally important, and sometimes business-critical. Knowing that the platform managing that data is supported by defined controls — around access, data protection, monitoring, and recovery — helps build confidence in how it is handled.

SOC 2 also plays a practical role during vendor evaluation. Many organizations, particularly in enterprise and government environments, require an independent assessment of security practices when reviewing a new platform. A SOC 2 report provides a structured way for internal IT and security teams to perform that review, and can help make those conversations more efficient by giving them a recognized framework to start from.

Part of a Broader Approach to Security

SOC 2 is one component of Flyability’s wider approach to securing its cloud services.

The platform is designed with practices such as encryption of data in transit and at rest, strong access controls including multi-factor authentication, regular vulnerability scanning, and independent penetration testing. Operational processes such as backups, monitoring, and incident response are also part of how the service is maintained.

These measures are part of a broader control environment that is documented, reviewed, and maintained as part of how Inspector Online is operated. The SOC 2 audit brings these elements together into a single, independently reviewed framework, and supports the detailed assessment that many customers’ IT and security teams require.

Want to Know More? Your Next Steps 

For many teams, this level of information is enough to understand how Inspector Online approaches security.

For others — particularly IT, cybersecurity, or compliance teams — a deeper review is often required. In those cases, Flyability can provide additional information, including the full SOC 2 report under an NDA, as well as direct discussions with the Security team responsible for operating and securing the platform.

In practice, this is often the next step once there is initial alignment on the solution and the customer’s internal review moves into procurement or security assessment.

TALK TO OUR TEAM!

 

Table of contents

    SEE ALSO