Skip to main content

Sidetrade Advances Security Leadership with SOC 1® Type II, SOC 2® Type II Reports and ISO 27001 Certification as AI Footprint Expands

Written by Customer Service on . Posted in Public Companies.

Sidetrade, the Order-to-Cash AI company, announced it has obtained SOC 1® Type II and SOC 2® Type II reports with an unmodified auditor’s opinion, following audits conducted by EY France, and completed a full ISO/IEC 27001:2022 recertification. The results validate the company’s control maturity, data protection practices, and operational resilience at scale, as enterprises increasingly demand verifiable assurances on AI governance and financial process integrity, particularly in regulated environments.

The SOC (System and Organization Controls) reporting framework provides independent assurance on the design and operating effectiveness of controls over time. Following audits conducted by EY France, Sidetrade received SOC 1® Type II and SOC 2® Type II reports with an unmodified auditor’s opinion, confirming that its internal controls were suitably designed and operated effectively throughout the audit period.

Notably, these results were achieved while Sidetrade integrated acquisitions, expanded its global footprint, and introduced new agentic AI capabilities, indicating a level of control maturity capable of absorbing structural and technological change without degradation.

In parallel, the ISO 27001:2022 full recertification confirms the continued effectiveness of Sidetrade’s Information Security Management System (ISMS), aligned with international best practices, with no material nonconformities recorded. Sidetrade has been ISO 27001 certified since 2019.

According to Laurent Pontier, Sidetrade CTO Chief of Staff: “Achieving these SOC1, SOC2 and ISO 27001 results, while scaling rapidly and introducing new agentic capabilities required a disciplined, cross-functional operating model, and I’m incredibly proud of the teams involved. Security and compliance at Sidetrade are designed as proactive control layers, developed to remain robust as our products, AI architecture and market conditions evolve.”

A trust signal for regulated and US-based enterprises

For enterprises operating under Sarbanes-Oxley (SOX) or equivalent regulatory regimes, SOC 1® Type II remains a core assurance mechanism, confirming that software supporting financial processes is governed by reliable and consistently applied, auditable controls. SOC 2® Type II, increasingly required by US enterprises during vendor due diligence, provides independent assurance over security, availability, and confidentiality controls across infrastructure and development operations.

“AI at scale cannot be treated as an experiment. It must be governed, observable, and resilient by design,” said Pontier. “The SOC reports reflect how we design our AI platform to meet the control standards expected in SOX-regulated environments. Trust is not declared. It is demonstrated, year after year.”

Issued by EY CertifyPoint, Sidetrade’s latest ISO 27001 recertification adds a complementary layer of assurance, signaling a mature and embedded approach to information security governance. In 2025 Sidetrade transitioned to the latest version of the norm: ISO/IEC 27001:2022.

AI platform and data sovereignty built into security framework

With AI central to Sidetrade’s platform, the company’s ISO/IEC 27001:2022 certified ISMS scope explicitly includes its artificial intelligence systems, including Aimie, its agentic AI, alongside its core Order-to-Cash applications and services.

Sidetrade’s SOC 1® Type II report covers controls relevant to customer-facing applications supporting financial processing, while the SOC 2® Type II report covers the organization’s controls across people, processes and technology, including operational processes and its software development lifecycle.

While SOC reports do not provide AI-specific assurance, AI capabilities are developed and operated under the same standard development and security controls applied across Sidetrade’s platform.

Since its inception, Sidetrade has taken a deliberate approach to sovereignty by operating its infrastructure, AI models and payment data within a controlled environment. This ensures full segregation of customer data and keeps it within, secure, controlled boundaries. The approach is designed to meet the highest standards of privacy, security and regulation, including GDPR.

Preparing for the next regulatory wave

The audit outcomes also support Sidetrade’s preparation for emerging regulatory frameworks, including the EU AI Act, which is expected to increase formal expectations around risk management, transparency, and control design for AI companies such as Sidetrade.

While SOC reports are distributed under NDA and ISO 27001 certification applies strictly to the defined ISMS scope, the combination remains a key trust signal for enterprises evaluating AI vendors in mission-critical financial workflows.

As businesses accelerate AI adoption while tightening vendor oversight, Sidetrade’s latest audit outcomes position it among AI providers treating security assurance as continuous operational discipline rather than a marketing milestone.

Find out more about Sidetrade’s commitment to effective governance and Corporate Social Responsibility here.

Investor relations @Sidetrade
Christelle Dhrif                00 33 6 10 46 72 00           cdhrif@sidetrade.com

Media relations @Sidetrade
Oli Thornton                 00 44 7933 108 107         oli.thornton@sidetrade.com

About Sidetrade (www.sidetrade.com)
Sidetrade (Euronext Growth: ALBFR.PA) is an AI company redefining how enterprises secure and accelerate cash flow. At the core of its applications is Aimie, Sidetrade’s agentic AI, trained on more than $7.7 trillion in B2B transactions. Powered by a proprietary Order-to-Cash Data Lake and domain expertise, Aimie continuously learns and operates autonomously across the Order-to-Cash. This coworker drives agility, informs decision-making, and ensures reliable execution. Aimie enables finance, sales, and customer-facing teams to unlock working capital and strengthen resilience. Sidetrade supports businesses in 85 countries and employs 450 people across North America, Europe and Asia-Pacific.
 For more information, visit us at www.sidetrade.com and follow us on LinkedIn at @Sidetrade.
In the event of any discrepancy between the French and English versions of this press release, only the English version is to be taken into account.

Attachment

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.