Yak Security Overview

This page summarizes our security posture and data handling practices.
Last Updated: February 2026

Yak is an AI-accelerated audit workflow platform built for accounting and audit firms. Security and trust are foundational to what we do. Our customers handle sensitive audit evidence and client data, and we take that responsibility seriously.

Compliance and Certifications

SOC 2

Yak has completed a SOC 2 Type 2 audit conducted by an independent service auditor. The audit evaluated the design and operating effectiveness of controls relevant to the Security and Confidentiality Trust Services Criteria.

The examination resulted in an unqualified opinion. In all material respects, Yak’s controls were suitably designed and operated effectively throughout the examination period to provide reasonable assurance that Yak’s service commitments and system requirements were achieved.

Customers and prospects may request a copy of Yak’s SOC 2 Type 2 report under NDA by contacting security@yaktech.io.

Key Security Controls

Highlights from Yak’s control environment include:

  • Logical access to all systems is restricted to authorized users based on least-privilege principles, with role-based access controls enforced across the platform.
  • Multi-factor authentication is required for all critical applications accessed by employees.
  • Data at rest and in transit is encrypted using industry-standard protocols. All web-based traffic is protected via SSL/TLS encryption.
  • Vulnerability scans and penetration tests are performed at least annually, with critical and high findings remediated in a timely manner.
  • A formal incident response program is documented, tested annually, and covers identification, containment, eradication, recovery, and communication.
  • A business continuity and disaster recovery plan is documented and tested at least annually through tabletop and technical exercises.
  • Change management procedures require all changes to be reviewed, tested, and approved by authorized personnel before promotion to production.
  • Employee workstations are protected with endpoint encryption, anti-malware software, mobile device management, and VPN requirements.
  • Vendor management procedures include annual review of key vendor security documents, including SOC reports and service agreements with defined security and confidentiality requirements.

Yak does not use customer audit data to train models or for any purpose outside of service delivery. In the future, Yak may offer firm-specific AI improvements using that firm’s own data. Any such use will be opt-in, limited to the originating firm’s data, and subject to advance notice and customer consent.
