How does deployment work?

Certexi deploys on your infrastructure — on-premise, private cloud, or air-gapped environments. Basic deployment takes 1-2 days. Enterprise deployments with custom integrations typically take 1-2 weeks.

Your data stays on your own infrastructure (on-premise or private cloud). We use SSL/TLS 256-bit encryption, comply with GDPR, and align with ISO 27001. We never access your operational data.

How long does implementation take?

Basic implementation takes 1-2 days. For enterprise deployments with custom integrations, typically 1-2 weeks. Configuration support is included in all plans.

Does it work without internet?

Yes. Certexi operates locally on your network. Offline mode allows full operation for up to 60 days without connectivity. Data syncs automatically when connection is restored.

United States (globally recognized)

SOC 2 Type II evidence captured continuously, not assembled before audit

SOC 2 — Service Organization Control 2

Access control records, availability monitoring, change management evidence, and incident documentation — generated continuously so SOC 2 auditors find a year of evidence ready.

CPA firms (AICPA-licensed auditors)United States (globally recognized)

Request Architecture Session

Private deployment · Sovereign infrastructure · Architecture session included

About SOC 2

SOC 2 is an auditing framework developed by the AICPA that evaluates service organizations' controls related to security, availability, processing integrity, confidentiality, and privacy.

Top audit finding

“User access reviews not performed at required frequency with documented evidence”

Most common SOC 2 non-conformance finding

Requirement mapping

SOC 2 requirements — and how Certexi addresses them

Framework requirements

1Security: access controls, encryption, and vulnerability management evidence
2Availability: system monitoring, incident response, and recovery records
3Change management: authorized changes with testing and approval records
4Risk assessment: periodic evaluation with treatment records
5Vendor management: third-party reviews and contractual commitments

Certexi approach

Access control records: provisioning, review, deprovisioning with timestamps and approvals
Incident management: detection, response, and post-incident review records
Change management workflow: request → approval → testing → implementation → verification
SOC 2 evidence portfolio: trust service criteria organized evidence with testing linkage

Industry relevance

Sectors where SOC 2 compliance applies

Healthcare & Pharma

Government & Public Sector

Core capabilities

Use cases central to SOC 2 compliance

access control records incident reporting audit preparation training records

PRICING

Aligned to Operational Value, Not User Count

Pricing scales with deployment scope, not headcount. Your data. Your infrastructure. Your rules.

All plans include private deployment. Your data never leaves your infrastructure.

ISO 27001 Aligned

Private Deployment

Unlimited Users

Currency

Pilot

Validate before you commit

Custom

5 spots per quarter

Full platform deployment
Configuration support
Onboarding and training
Direct product team access
Feedback-driven iteration
8-week evaluation period

Standard

Single-location operations

Operational Deployment

Priced by deployment scope, not seats

Most deployments begin at one site, one workflow. Pricing expands with scope.

All core platform capabilities
Standard template library
Private deployment included
Email support (24h response)
Quarterly platform updates
Unlimited users

Enterprise

Multi-location, high-compliance

Custom

Based on deployment scope

Everything in Standard
Custom template development
Dedicated support engineer
SLA guarantees
Advanced integrations
Air-gapped deployment option

Private Deployment Included in All Plans

Every plan includes full deployment on your infrastructure — Nextcloud, Linux servers, Docker, Kubernetes, or air-gapped environments. Your data never leaves your control.

SOC 2 evidence generated daily, not assembled under audit pressure.

Private deployment on your infrastructure. Architecture session included.

Request Architecture Session