SOC 2 Type II Compliance

SOC 2 Type II Compliance

Most recent report period: September 1, 2025 — November 30, 2025

Time Champ (operated by Snovasys Software Solutions Ltd) maintains a SOC 2 Type II attestation report under the AICPA SSAE 18 standard. The report covers the Trust Services Criteria for Security, Availability, Confidentiality, and Processing Integrity across our development centres and production infrastructure.

What SOC 2 Type II Means

SOC 2 Type II is one of the most rigorous independent attestations available for SaaS providers. A SOC 2 Type II report goes beyond confirming that controls exist (Type I) — it verifies that the controls operated effectively over a continuous period of time under independent testing. This is the standard most enterprise procurement teams require from cloud service providers before signing.

Trust Services Criteria In Scope

What’s Covered in the Report

The SOC 2 Type II audit covers Snovasys’s product engineering, lifecycle, support, DevOps, IT infrastructure, administration, human resources, and third-party services across all in-scope locations. Specifically, the audit tested the following control areas:

• Control Environment — Information security policies, code of conduct, organisational structure, hiring practices.
• Risk Assessment — Annual risk assessments, risk treatment plans, mitigation strategies, fraud risk evaluation.
• Information & Communication — Asset inventory, change management, security training, third-party agreements.
• Monitoring Activities — Internal audit, vulnerability scanning, penetration testing, threshold monitoring.
• Logical & Physical Access Controls — Network, OS, database and application access controls; physical access to server rooms; CCTV, badge access, and termination revocation.
• System Operations — Incident response, security event monitoring, alerting on anomalies, recovery procedures.
• Change Management — Sprint planning, QA testing, segregation of duties between development, staging, and production environments, back-out procedures.
• Risk Mitigation — Business continuity, disaster recovery, daily off-site backups, vendor risk management with SOC 2 reports collected from critical sub-processors.
• Availability Criteria — Enterprise monitoring software, capacity planning, environmental protections (AC, fire, power backup), tested recovery procedures.
• Confidentiality Criteria — Documented classification, storage, sharing, retrieval, and disposal policies aligned with customer agreements.
• Processing Integrity Criteria — QA sign-off prior to production release; restricted database access.

In-Scope Locations

The SOC 2 Type II report covers operations at:

• London, United Kingdom (Headquarters) — Suite A4-05 The Vista Centre, 50 Salisbury Road, Hounslow, Harrow, TW4 6JQ
• Hyderabad, India (Development Centre) — 13th Floor, Building No. 9, WeWork Raheja Mindspace, Survey No. 64, Madhapur, Telangana 500081
• Ongole, India (Development Centre) — No. 9-1-24, Sai Narayana Enclave, Gadiyaram Vari Veedi, Bandlametla, Andhra Pradesh 523001

In-Scope Products

The audit covers the development, deployment, support, and infrastructure for the following Snovasys product suite:

• Time Champ — Our flagship workforce intelligence platform for productivity management, time tracking, behavioural analytics, workflow monitoring, and attendance management.
• BIXO — AI-driven managerial intelligence and automation system for task management, work allocation, and performance monitoring.
• HYDA — Secure communication and collaboration platform for distributed and hybrid teams.
• Software Services — Enterprise application development, system integration, cloud deployment, data engineering, and long-term product support.

Infrastructure & Sub-Processors

Snovasys hosts its SaaS products on certified cloud infrastructure providers. All sub-processors maintain their own SOC 2 and ISO/IEC 27001:2022 certifications:

• Amazon Web Services (AWS) — Primary cloud infrastructure (IaaS)
• Microsoft Azure — Secondary cloud infrastructure (IaaS) and business continuity
• DigitalOcean — Additional managed IaaS services
• CtrlS Tier-IV Data Centres (Hyderabad) — India data residency

For a complete and current list, see our Sub-processors page.

Independent Service Auditor

The audit was conducted in accordance with the attestation standards established by the American Institute of Certified Public Accountants (AICPA). The independent service auditor responsible for the engagement is:

• Auditor: James Garrett Robards, CPA
• State of Licence: Greenville, SC, US
• Licence Number: CPA.10591

Related Certifications & Attestations

SOC 2 Type II is part of a broader compliance posture that includes:

• ISO/IEC 27001:2022 — Information security management system certification.
• HIPAA Compliance — Safeguards for regulated healthcare environments.
• GDPR Compliance — EU and UK data protection commitments.
• DPDP Compliance — India Digital Personal Data Protection Act, 2023.

Contact

For procurement, security, or compliance questions:

• Email: support@timechamp.io
• Phone: 08062358922
• Address: Vista Centre, 50 Salisbury Road, London, TW4 6JQ

This page summarises the Snovasys SOC 2 Type II report for the period September 1, 2025 to November 30, 2025. The full report — including the Independent Service Auditor’s Report, Management Assertion, Description of the System, and Results of Testing — is available on request under NDA. SOC 2 reports cover a defined audit period; we re-audit annually.