SOC 2 Type II and SOC 3 Information Security
Cumulus9 achieves SOC 2 Type II and SOC 3 attestations
London, 27 November 2025 – Cumulus9 Limited, a leading provider of derivatives risk and margin analytics for global financial institutions, today announced it has successfully achieved System and Organization Controls (SOC) 2 Type II and SOC 3 attestations, further strengthening its commitment to the highest standards of information security and data protection for its clients worldwide. Cumulus9 Limited is included within the scope of its parent company, Kaizen Regtech Group Limited’s SOC 2 Type II and SOC 3 reports.
This achievement complements the company’s ISO 27001:2022 certified Information Security Management System (ISMS), creating a robust dual-framework approach that addresses the diverse compliance requirements of financial institutions across the UK, EU, US and APAC.
These attestations reinforce Cumulus9’s secure-by-design approach to derivatives risk and margin analytics, providing independent validation of the controls that safeguard client data across our global platform.
“Achieving SOC 2 Type II and SOC 3 attestations represents a significant milestone in our continuous journey to provide world-class information and data security to our clients. While our ISO 27001 certification demonstrates our systematic approach to information security management, these SOC attestations provide the detailed operational validation that many of our clients value. Together, these frameworks create a comprehensive security program that meets and exceeds the expectations of our global client base.”
The SOC 2 Type II attestation evaluated Cumulus9’s controls across all five Trust Services Principles (Security, Availability, Processing Integrity, Confidentiality, and Privacy), providing detailed assurance on the effectiveness of controls protecting client data across the Cumulus9 platform. The accompanying SOC 3 report enables Cumulus9 to publicly demonstrate its commitment to security excellence.
Financial institutions face increased scrutiny from regulators worldwide on information security. By maintaining both ISO 27001 certification and SOC 2 Type II attestation, Cumulus9 addresses the wide range of data security requirements across different regulatory jurisdictions, from prescriptive ISMS-focused requirements in Europe and APAC to the detailed control validation required by US institutions. While ISO 27001 provides a framework for continuous improvement in data security and risk management, SOC 2 Type II provides operational evidence and control testing for our security practices.
For more information about Cumulus9 and our security certifications, please contact us at info@cumulus9.com.