What Trust Your Supplier Is Built On
The organizations that rely on TYS to manage their supplier data deserve a clear picture of how that data is protected.
Audited annually. Clean every year.
TYS undergoes independent SOC 1 Type 2 and SOC 2 Type 2 examinations every year. Both reports are conducted by A-LIGN Assurance, an independent third-party firm, in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA).
The 2026 examinations covered the period February 1, 2025, to January 31, 2026. Both audits were completed with zero exceptions across every control area tested.
This is the sixth consecutive year TYS has achieved this result.
What these audits cover:
The SOC 2 Type 2 examination evaluates whether TYS's controls around security, availability, processing integrity, confidentiality, and privacy are operating effectively over a sustained period — not just whether the right policies exist on paper.
The SOC 1 Type 2 examination evaluates controls relevant to user entities' internal control over financial reporting. For organizations whose own auditors assess the third-party systems they depend on, a clean SOC 1 result is part of your own audit trail.
Zero exceptions means every control tested was found to be operating as designed — consistently, throughout the full audit period.
Five control areas. Zero exceptions.
The 2026 examinations tested controls across five areas:
Control environment — Policies, codes of conduct, background checks, training requirements, organizational structure, and performance accountability for all TYS personnel.
Information security — Access controls, authentication (including MFA), role-based permissions, audit logging, encryption at rest and in transit, logical access reviews, and data disposal procedures.
Computer operations and availability — System monitoring, incident response, business continuity and disaster recovery plans, antivirus and intrusion prevention, and change management procedures.
Data communications — Vulnerability scanning, network segmentation, TLS encryption, firewall configurations, and VPN authentication controls.
Backup and recovery — Encrypted backups, offsite replication, daily incremental and monthly full backup schedules, and annual restoration testing.
Every control point across all five areas returned the same result: no exceptions noted.
Beyond the audit
In addition to annual SOC examinations, TYS maintains the following ongoing security practices:
- Annual internal and external vulnerability scanning, with remediation of identified findings
- Penetration testing to identify emerging risks across systems, infrastructure, and products
- GDPR and CCPA compliance for all applicable data handling
- Real-time production data backup replicated to an off-site facility
- Continuous system monitoring with automated alerting for security events and threshold breaches
For answers to specific data security questions, visit our Data Security FAQ →
SOC reports are available to current clients and prospective customers under NDA. Reach out to your TYS contact for access.
SOC 1 Type 2 and SOC 2 Type 2 examinations conducted by A-LIGN Assurance, Tampa, Florida. Audit period: February 1, 2025 to January 31, 2026. Reports dated March 4, 2026.