Moss is built for finance teams that need more than convenience — they need control, compliance, and confidence. This section is for admins, controllers, accountants, and anyone who needs deeper visibility into how Moss keeps data secure and workflows audit-ready.
1. Moss Security Certifications & Compliance
We meet and exceed the most rigorous standards in data protection and financial compliance:
SOC 2 (Type I)
Independent audit confirming our systems are designed to protect customer data and operate effectively over time.
ISO 27001
International standard for information security management — covering confidentiality, integrity, and availability.
GDPR
Full compliance with EU data protection laws, including data minimization, access controls, and subject rights.
Need proof for internal or external audits? Download our latest Security Overview PDF. It includes our current certifications, processes, and audit trail capabilities.
2. Product Security FAQs for External Accountants
We know that accountants and bookkeepers often need to verify security posture before syncing systems or processing data. Here are answers to common questions:
How secure is Moss’ pre-accounting process?
Moss applies approval flows, GL coding, and VAT tagging within a controlled interface. All user actions are traceable, time-stamped, and stored securely.
Can I rely on Moss data for audit or ERP handoff?
Yes. Exports are built for ERP ingestion and include full context — payer, approver, tags, receipts, and transaction metadata. This reduces reconciliation errors and audit friction.
How are receipts and documents stored?
Uploaded receipts and invoices are encrypted, version-controlled, and linked to transactions with an immutable audit trail.
What user controls are available?
Admins can:
Set user roles (requesters, approvers, reviewers)
Limit access by department or team
Lock transactions post-export to prevent tampering