IDmelon Achieves SOC 2® Attestation: Our Continued Commitment to Enterprise‑Grade Data Security

At IDmelon, we’ve always prioritized the security and privacy of our users' data. Today, we are proud to announce another major milestone in that journey: our passwordless platform has successfully completed a System and Organization Controls (SOC) examination, an independent validation of our security controls, operational integrity, and data protection practices.

What a SOC 2 Report is

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 reports are widely recognized as the gold standard for service‑organization security. The examination requires an independent, AICPA‑accredited CPA firm to rigorously assess whether an organization’s controls meet the stringent Trust Services Criteria (TSC) for security, availability, processing integrity, confidentiality, and privacy. By achieving a SOC 2 report, IDmelon demonstrates that its controls are designed and followed to meet AICPA's rigorous security and availability standards.

“Security and trust are the foundation of everything we do,” said Bahram Piri, CEO and Founder of IDmelon. “As organizations move toward passwordless authentication, they need to be certain that their identity provider adheres to the strongest compliance frameworks. Completing our SOC 2 examination provides our customers with the independent assurance that IDmelon’s controls are designed and operated effectively to protect their data and systems.”

What This Means for our Customers

A SOC examination is not a one‑time “certification” or “certificate.” Instead, a SOC report is an attestation engagement, and especially the rigor of a Type 1 examination validates that IDmelon’s controls are operating effectively and that the platform adheres to the AICPA’s security and availability criteria. For clients, this means:

• Independent verification that IDmelon’s security controls are properly designed.

• Continuous monitoring and evidence that those controls operated effectively throughout the examination period.

• Transparent, third‑party validation of IDmelon’s commitment to data protection, availability, and processing integrity.

When a prospective customer asks, ‘How do I know you take security seriously?’, we can point to an independent, AICPA‑accredited SOC 2 report. Such reports tell a complete, evidence‑backed story about how we protect their data, without guesswork or marketing claims.

The SOC 2 achievement builds on IDmelon’s long‑standing commitment to information security. The company’s cloud‑native platform is already built on a robust, scalable infrastructure that leverages Google HSM (Hardware Security Module) for secure key management along with other best‑practice security measures.

About IDmelon

IDmelon is a leading cybersecurity company that enables organizations to seamlessly adopt passwordless multifactor authentication (MFA) for their workforce. By transforming existing identifiers, such as ID badges, NFC cards, and smartphones, into passkeys, IDmelon eliminates passwords and reduces the risk of phishing and credential‑based attacks. The company is a proud participant in the Microsoft Security Store Partner Ecosystem and a member of the Microsoft Intelligent Security Association (MISA).

SOC 2 requires an independent, third-party audit of operational controls, a level of scrutiny that IDmelon has voluntarily embraced. This commitment to transparency and security has also been recognized by HID Global, which entered an agreement to acquire IDmelon in October 2025, further underscoring the value and trust that industry leaders place in the platform’s security and reliability.

Availability

IDmelon’s SOC 2 report is available to customers under a nondisclosure agreement. For more information, please contact Juan Gonzalez Gomez at juan@idmelon.com.