Achieving SOC 2 Type II Compliance: A Milestone in Customer Trust and Security

Lola Armstead

,
Reading Time: 4 minutes
ps badges rgb soc2 type2

We are pleased to announce that Waters Corporation has successfully achieved SOC 2® Type II attestation for the waters_connect™ Cloud software platform, in accordance with the American Institute of Certified Public Accountants (AICPA) standards. 

This accomplishment reflects our unwavering commitment to safeguarding customer data, building trust, and upholding the highest standards of security, availability, and confidentiality across our cloud software platform. 

What is AICPA SOC 2 Type II? 

SOC 2 (Service Organization Control 2) is an internationally recognized auditing framework developed by the AICPA. It evaluates a company’s ability to manage customer data securely across five “Trust Service Criteria”: 

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy
image

While a Type I report reviews the design of controls at a single point in time, a SOC 2 Type II certification report goes further. It independently validates that controls were effectively implemented and consistently operated over an extended review period (often 6 –12 months). 

Our SOC 2 audit focused on the Security element of the Trust Service Criteria. Achieving this attestation provides our customers with ongoing assurance that our policies, processes, and technologies do not just exist on paper but are reliably executed in practice. 

Why SOC 2 Type II Compliance Matters for Our Customers 

As a provider of cloud software for analytical laboratories, many of which operate in highly regulated environments such as pharmaceuticals, life sciences, and healthcare, security and compliance aren’t optional, they’re essential. 

  • Regulatory alignment: Laboratories operating under frameworks such as FDA 21 CFR Part 11 compliance, EMA guidance, and Good Laboratory Practice (GLP) must demonstrate that their data systems meet stringent requirements for security and integrity. Our SOC 2 Type II attestation provides assurance that our platform adheres to industry-recognized standards that align with these expectations. 
  • Risk management: By undergoing independent audit, we provide our customers with verified assurance that their critical and often highly sensitive data is protected against unauthorized access, tampering, and service disruption.  
  • Audit support: For our customers, vendor qualification and compliance audits are routine but resource-intensive activities. Our SOC2 Type II report serves as objective evidence of our control environment, reducing the burden of vendor due diligence and supporting smoother audit readiness. 

Strengthening the Waters Foundation for Growth 

While this attestation is a significant achievement, it is not an end point. SOC 2 Type II compliance reflects a continuous commitment to security and operational excellence. As we continue to innovate and expand our technologies and solutions for analytical labs, we remain dedicated to: 

  • Maintaining a cycle of ongoing monitoring, review, and improvement of our control environment 
  • Ensuring all stakeholders, including employees and external resources, remain trained and accountable for upholding industry best practices 
  • Engaging in periodic independent audits to provide customers with updated assurance 

Continuing the Waters Commitment to Security 

In addition to achieving SOC 2 Type II attestation, and as evidence of our continuing commitment to security, we are proud to share that our CyberVadis rating (as detailed in our blog Protecting Your Laboratory Data: Cybersecurity at Waters) has recently advanced from ‘developed’ to ‘mature’, now awarding us a Platinum Medal. This rating goes beyond our waters_connect Cloud software platform and covers the entire organization.  

Cybervadis provides independent assessments of cybersecurity management systems, benchmarking organizations against international standards and best practices. This upgrade reflects the progress we have made in implementing a more advanced, integrated, and proactive cybersecurity program.  

image

SOC 2 Type II Compliance: Your Trust is Our Highest Priority

For organizations that entrust us with their critical laboratory data, this AICPA certification achievement underscores a simple message: your trust is our highest priority. 

We’re proud to have reached this milestone, and we look forward to continuing to deliver secure, reliable, and compliant cloud solutions that enable analytical labs to focus on what they do best – advancing science. 

Explore how Waters Cloud Software Solutions are transforming laboratory informatics. Visit our Cloud Software Solutions page to learn more.