Milan, February 2024

Audited by EY, SupplHi is at the forefront of compliance standards, meeting Customer needs and delivering best-in-class and compliant processes and controls.


SupplHi, the best-of-breed Vendor Management SaaS for critical goods and services, has completed its SOC 1 Type II audit. This attestation verifies that SupplHi has the proper internal controls and processes in place to deliver high-quality services to its Customers.

EY, a leading CPA firm, performed the audit and appropriate monitoring of SupplHi’s controls that may affect its clients’ financial statements. 

The Service Organization Control (SOC) 1 Type II is a reporting on the controls put in place within a service organization that was established by the American Institute of Certified Public Accountants (AICPA). This attestation is performed in compliance with the International Standard on Assurance Engagements No. 3402 (ISAE 3402) Assurance Reports on Controls at a Service Organization, issued by the International Auditing and Assurance Standards Board auditing standards.

The SOC 1 Type II report recognizes that SupplHi operates following proper and effective control procedures across all areas that are relevant to an audit of a Customer entity’s financial statements.

To obtain such a standard is a testimony of the adequateness and effectiveness of the controls and mechanisms leveraged within SupplHi. The SOC 1 Type II audit report includes an extensive description of SupplHi’s controls as well as of the detailed monitoring of these procedures performed by EY during the last few months, stating ongoing compliance with the AICPA’s rigorous standards for security and efficacy over a period of time.

The report, audited by the independent CPA firm EY, validates the suitability of the design and operating effectiveness of SupplHi’s controls. The resulting report covered 30 controls across key process areas, including Application Change Management; Infrastructure Change Management; Access Management; Application Access Management; Infrastructure Access Management; and IT Operations Management.