This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Clockwork is a SOC 2 Type 1 Certified Agency
At Clockwork, security isn’t a box to check—it’s a core responsibility. We partner with enterprise and regulated organizations in industries like healthcare, finance, insurance, manufacturing, and the public sector. For our clients, security, privacy, and availability are non-negotiable. That’s why we embed industry best practices into every engagement and continually improve how we operate.
SOC 2 Type I compliance
Clockwork has completed a SOC 2 Type I audit, performed by an independent third-party auditor. This audit affirms that our systems and internal controls were designed to meet the AICPA Trust Services Criteria for Security, Availability, and Confidentiality as of August 5, 2025.
What SOC 2 means for our clients
The gold standard in security. SOC 2 (developed by the American Institute of Certified Public Accountants) is one of the most widely recognized frameworks for managing client data securely.
Type I assurance. A Type I report evaluates the design of an organization’s controls at a specific point in time. It validates that our processes and safeguards are properly designed to protect client data.
Verified protections. Our report covers the platforms and processes we use to plan, build, and manage client WordPress websites hosted on Pantheon. It confirms that Clockwork meets high standards for access control, data handling, and risk mitigation.
Faster project start and delivery. Our proven security controls eliminate lengthy compliance reviews, so we can begin work quickly while reducing risk and maintaining the data protection standards your enterprise requires.
Secure adoption of AI and emerging technologies. Our robust security framework enables us to safely integrate cutting-edge tools into our workflows, delivering innovative solutions while maintaining strict data protection standards.
Why this matters when choosing a service provider
Choosing a digital partner isn’t just about expertise in technology and design—it’s about trust. A SOC 2 compliant service provider demonstrates a proven commitment to security, so you can confidently share sensitive data and collaborate on complex projects knowing safeguards are in place.
Request our SOC 2 report
We provide copies of our SOC 2 Type I report to qualified prospects, clients, and partners under a non-disclosure agreement (NDA).
To request a copy: please submit our SOC 2 Type 1 Report Request Form.