Skip to main content

Advanced security & trust resources

Anna Dziurosz avatar
Written by Anna Dziurosz
Updated over 2 weeks ago

Moss is built for finance teams that need more than convenience — they need control, compliance, and confidence. This section is for admins, controllers, accountants, and anyone who needs deeper visibility into how Moss keeps data secure and workflows audit-ready.


1. Moss Security Certifications & Compliance

We meet and exceed the most rigorous standards in data protection and financial compliance:

  • SOC 2 (Type I)
    Independent audit confirming our systems are designed to protect customer data and operate effectively over time.

  • ISO 27001
    International standard for information security management — covering confidentiality, integrity, and availability.

  • GDPR

    Full compliance with EU data protection laws, including data minimization, access controls, and subject rights.

Need proof for internal or external audits? Download our latest Security Overview PDF. It includes our current certifications, processes, and audit trail capabilities.


2. Product Security FAQs for External Accountants

We know that accountants and bookkeepers often need to verify security posture before syncing systems or processing data. Here are answers to common questions:

How secure is Moss’ pre-accounting process?

Moss applies approval flows, GL coding, and VAT tagging within a controlled interface. All user actions are traceable, time-stamped, and stored securely.

Can I rely on Moss data for audit or ERP handoff?

Yes. Exports are built for ERP ingestion and include full context — payer, approver, tags, receipts, and transaction metadata. This reduces reconciliation errors and audit friction.

How are receipts and documents stored?

Uploaded receipts and invoices are encrypted, version-controlled, and linked to transactions with an immutable audit trail.

What user controls are available?

Admins can:

  • Set user roles (requesters, approvers, reviewers)

  • Limit access by department or team

  • Lock transactions post-export to prevent tampering

Did this answer your question?