# Compliance

### SOC 2 Type II Certification

OnRe has achieved SOC 2 Type II certification for the OnRe Finance System across the Security, Availability, and Confidentiality Trust Services Criteria.

The examination was conducted by [BARR Advisory](https://www.barradvisory.com/), confirming that controls meet standards established by the American Institute of Certified Public Accountants (AICPA) and operate effectively over time. This framework requires controls spanning both traditional insurance operations and digital asset infrastructure.

#### Scope of Examination

The SOC 2 Type II examination evaluated the operational framework across five areas:

{% stepper %}
{% step %}
**Access Controls and Identity Management**

* Multi-factor authentication
* Role-based access controls
* Semiannual access reviews
  {% endstep %}

{% step %}
**Change Management and Software Development**

* Branch protection
* Mandatory peer review
* Automated vulnerability scanning
  {% endstep %}

{% step %}
**Data Protection and Cryptography**

* AES-256 encryption at rest
* TLS 1.2+ encryption in transit
  {% endstep %}

{% step %}
**Infrastructure Resilience and Business Continuity**

* Multi-availability zone architecture
* Daily automated backups
  {% endstep %}

{% step %}
**Risk Management and Vendor Oversight**

* Monthly internal risk assessments
* Annual third-party vendor reviews
  {% endstep %}
  {% endstepper %}

#### Implications

SOC 2 Type II certification provides independent assurance that operational controls meet defined standards. Controls apply to the handling of digital assets from contribution through collateralization and redemption, as well as to the protection of underwriting data, pricing models, and claims information.

#### Report Access

To request a copy of our SOC 2 Type II report, or to discuss onchain reinsurance capacity or investment opportunities, reach out at [info@onre.finance](https://info@onre.finance/).