We are delighted to share the news that Cobalt is now SOC 2 Type II certified!
After receiving the SOC 2 Type I certification in 2020, we didn’t stop there. Meeting our goal of becoming SOC 2 Type II certified bolsters our ability to build consistent, auditable, repeatable security programs within frameworks that are best fit for our customers’ needs. As a trusted application security company and Pentest as a Service (PtaaS) provider, we continuously aim to meet and exceed industry standards and customer expectations to deliver security controls that are effective at protecting and defending customer data.
What is SOC 2 Compliance?
To ensure a business is exercising best practices for maintaining data security, SOC 2 compliance outlines a framework of security standards based on the five SOC 2 trust principles developed and maintained by the American Institute of Certified Public Accountants (AICPA).
Obtaining the SOC 2 Type I and Type II certifications is one way to demonstrate that Cobalt is committed to delivering end-to-end security with our Pentest as a Service platform. The SOC 2 audit report is evidence of our commitment as a partner to keep highly sensitive data thoroughly protected. We are always looking to raise the bar for security, and keeping data secure for our customers remains a top priority.
SOC 2 Type I vs Type II
-
Type I: Describes how security and compliance controls are “designed” based on a specific point in time. For example as of March 31st, the organization conducts background checks and has job descriptions for roles and responsibilities.
-
Type II: Describes the “design and operating effectiveness over a period of time (audit period)”, typically 6-12 months. This assessment shows the SOC 2 control implementation and operating effectiveness over that time period— subsequently, our audit period was from April 1st, 2020, to March 31st, 2021.
What This Means for Cobalt Customers
Trust and transparency are at the forefront of security and data privacy for us as a PtaaS provider. Maintaining SOC 2 compliance is one of the most commonly followed frameworks, in addition to being an integral part of security, sales, and operations workflows. Achieving the SOC 2 Type II certification further demonstrates our promise of customer data protection over an extended period of time with robust capabilities to identify, track, and resolve security vulnerabilities.
With Cobalt, you can trust us to provide speed, integrations, talent, and efficiency for the long haul. Interested in how SOC 2 can apply to your business model or objectives? Learn more about how Cobalt’s Pentest as a Service platform can help you achieve your company’s SOC 2 compliance needs.