Lucasys Begins 2026 with Renewal of SOC 1 Type II and SOC 2 Type II Certifications

Lucasys has successfully completed the renewal of the SOC 1 Type II and SOC 2 Type II certifications, reinforcing our continued commitment to security, control, and financial accuracy.

At Lucasys, we understand the responsibility that comes with supporting systems that directly impact our customers’ financial reporting and data integrity. That responsibility is shared across our entire organization. It is embedded into how we design our platform, how we support customers, and how we operate as a company. 

This renewal confirms that Lucasys continues to operate at the gold standard expected of modern SaaS organizations, reducing audit friction, demonstrating consistently effective controls, and supporting the regulatory complexity our customers face every day.

What SOC 1 Type II and SOC 2 Type II Mean

SOC 1 Type II and SOC 2 Type II are widely recognized independent audit standards issued under the American Institute of Certified Public Accountants (AICPA). They are designed for organizations whose systems and services play a critical role in financial reporting, compliance and data security.
SOC 1 Type II evaluates controls related to financial reporting and confirms that those controls are well designed and consistently executed over time. This matters for organizations where software outputs directly influence financial statements, book-to-tax differences, and regulatory reporting. 

SOC 2 Type II focuses on the Trust Services Criteria, including security, availability, confidentiality, processing integrity, and privacy. In today’s environment where data security is often the top concern for IT teams, SOC 2 Type II provides assurance that sensitive customer data is protected through disciplined, well-governed controls that operate reliably in practice.

Having both certifications is critical. Together, SOC 1 and SOC 2 demonstrate that Lucasys supports both the financial integrity tax professionals depend on and the data protection standards IT organizations require.

Independent Validation of Our Internal Controls

This audit included a comprehensive review of both the design and operating effectiveness of Lucasys’ internal controls across a sustained review period, conducted by an independent CPA firm in accordance with AICPA standards.

The process evaluated dozens of controls across the organization, including policies, procedures, supporting evidence, live walkthroughs, and real-world examples from day-to-day operations. Teams across product, engineering, operations, and customer-facing functions participated, reinforcing that control and accountability are shared responsibilities.

SOC audits are not one-time events. They are recurring, continuous processes that require organizations to stay audit-ready at all times. For Lucasys, this level of rigor is standard operating procedure. 

We view the audit process as a sharpening mechanism that strengthens how we operate and serve customers, not as a box to check once a year. The successful certification renewal reinforces our ability to support customers operating in highly regulated environments where audit readiness and data reliability are essential.

Security That Supports Tax Teams and Satisfies IT 

Teams evaluating enterprise tax software often experience risk differently. While IT teams are focused on data security and access controls, tax teams are focused on audit readiness, financial accuracy, and regulatory compliance. Lucasys is built to support both.

Our platform is designed to be security-forward without creating friction for tax professionals. We operate as an IT-friendly partner, ensuring that security requirements do not derail implementation timelines or slow down critical tax workflows.

Lucasys uses a single-tenant, logically separated architecture that keeps customer data secure within its own environment. Customer data is not shared across tenants, and security controls are designed to meet the expectations of even the most rigorous IT and cybersecurity review processes.

Built on Trust and Accountability at Every Level 

“We understand that utilities and energy companies rely on Lucasys to support complex financial and tax operations that directly affect compliance and reporting,” said Stephen Strang, CTO and Co-founder of Lucasys. “Renewing both SOC 1 Type II and SOC 2 Type II certifications reflects the strength of our internal controls and security practices, and our continued commitment to delivering reliable, transparent systems our customers can trust.”

This commitment extends beyond technology. Lucasys leadership is actively involved in the audit process, reinforcing that accountability, control and customer trust are leadership priorities, not merely compliance functions. 

Confidence You Can Rely On

Lucasys delivers scalable, cloud-based software and services built by teams with deep industry and domain expertise. We help asset-intensive organizations streamline tax reporting, strengthen fixed asset management, and navigate an increasingly complex regulatory landscape.

Whether preparing for an audit, managing book-to-tax differences, or safeguarding financial data, Lucasys is built to support the workflows that matter most—securely, consistently, and with care.

If you’re interested to learn more, please contact your Lucasys representative to request the SOC reports. 

How Lucasys Can Help

Lucasys delivers cloud software, and other technology-enabled services to empower finance, accounting, and tax professionals in asset-intensive industries to optimize the financial performance of their fixed assets and proactively meet changing regulatory and compliance requirements. With a core focus on rate-regulated utilities, Lucasys provides the industry and domain expertise energy and utilities require to meet their business objectives. To learn more about Lucasys, visit https://www.lucasys.com or follow us on LinkedIn.