Skip to main content
Announcement: Root completes ISAE3000 (SOC2) audit

Announcement: Root completes ISAE3000 (SOC2) audit

Charlotte Koep  •  7 February 2023

We’re proud to announce that we’ve successfully completed the 1st independent audit of our internal security controls against the ISAE 3000 (SOC2) standards!

At Root, we take systems and data security seriously and this affirms our commitment to provide state-of-the-art security, privacy, and compliance to our clients.

What is ISAE 3000 (SOC2)?

ISAE 3000 was developed by the International Auditing and Assurance Standards Board, and is a globally recognised standard used to independently assess a company’s internal control environment.

Our ISAE 3000 (Type 1) audit was performed by an independent, international auditing firm, who assessed the design and implementation of our internal security controls in terms of the Service Organization Control 2 (SOC2) Trust Services Criteria relating to security.

These voluntary compliance standards specify how cloud service providers should manage data in terms of a range of criteria including security.

An ISAE 3000 (Type 1) audit report therefore gives the clients of cloud service providers comfort that they have put in place properly designed security controls to protect client data.

How does our audit help our clients?

In the words of our CEO, Louw Hopley: "At Root, we are committed to delivering the highest quality and most secure insurance software to our clients. That's why we are thrilled to announce that we have achieved this significant milestone that demonstrates our dedication to upholding strong controls over our systems and your data. This achievement is a testament to the hard work and dedication of our team, and we are proud to offer our clients peace of mind in the security of our systems and platform."

Use a cloud service provider you can trust

Using a cloud-based digital platform as a core operating system for your business involves a high level of trust that your data is secure.

Platform security is therefore of the utmost importance to protect against threats like fraud, hacking, phishing and denial of service attacks.

This is even more critical for our clients in the heavily regulated and scrutinized insurance space, who process significant amounts of sensitive policyholder data at any given time.

For security-conscious businesses like our clients, using a trusted cloud service provider is a necessary requirement.

Our audit not only demonstrates our commitment to security, but the independent assessment of our security controls also gives you peace of mind that we are dedicated to putting robust measures in place to protect your data.

You can grow your insurance business on Root with utmost confidence in the security of our platform.

Want to find out more?

If you’re an existing client and would like to get access to our audit report, feel free to reach out to If you’d like to find out more about Root and the security of our platform or schedule a demo, please reach out to


Charlotte Koep

Chief Operating Officer

Root is an end-to-end digital insurance platform that enables you to launch new products and digital engagement channels fast. We package all the compliance, regulatory and reporting complexities behind easy-to-use APIs, allowing your team to focus on building great customer experiences.

Are you interested in taking your insurance business to the next level today? Email us at [email protected] or get in touch here to hear more.

Schedule a chat

Stay in touch

Receive updates and the latest news from Root.

Thank you

Your email has been added to our mailing list.

By subscribing you agree to our Ts & Cs and our Privacy Policy, including our use of cookies.

We use cookies to ensure that we give you the best experience on our website, as described in our Privacy Policy.
If you continue to use this site we will assume that you are happy with it. Change options.

Statistic cookies help us to understand how visitors interact with our website by collecting and reporting information anonymously. Google Analytics cookies are anonymized.