
Announcing SOC 2 Type 1 Certification: A Commitment to Our Customers

As an application security company, offering our customers the highest level of confidence in our own security practices is critical. Today, we are thrilled to announce that as of April 2020, Cobalt is officially SOC 2 Type 1 certified.

We wanted to highlight to our customers that we consistently build security programs that are auditable, repeatable, and built on a framework baseline that is easy for everyone to understand. This requires consistency across the board. SOC 2 defines the particular controls that go into the audit, and achieving certification shows that we have met or exceeded those expectations in each area.

SOC 2 is the industry-standard framework for a SaaS platform because it covers so many fundamental areas of security, governance, risk, and compliance for service providers. Our goal over the past year was to raise the bar on security, and the focus on SOC 2 provided the framework and structure to meet that goal while also improving our operational security capabilities.

Our end goal in achieving SOC 2 certification is to develop comprehensive programs that will stick around for a very long time, while always driving for iterative improvements. At the highest level, this means formalizing the tactical initiatives driven by different teams and for our infrastructure.

It is important to point out that being SOC 2 certified does not mean you are fully secure. It does, however, demonstrate a commitment to customers to protect their data to an industry standard.

SOC 2 certification is a journey that requires a deep dive into your systems, but it is worth it for you and your customers. For us, this milestone sets us up for our SOC 2 Type 2 audit in early 2021. A Type 2 audit shows that we are maintaining all of our controls on a recurring basis throughout the year, rather than at just one point in time.

Stay tuned for our next SOC 2 blog post that will share what considerations to keep in mind when thinking about getting SOC 2 certified.

About Caroline Wong
Caroline Wong is an infosec community advocate who has authored two cybersecurity books, including Security Metrics: A Beginner’s Guide and The PtaaS Book. When she isn’t hosting the Humans of Infosec podcast, speaking at dozens of infosec conferences each year, working on her LinkedIn Learning coursework, and of course evangelizing Pentesting as a Service for the masses or pushing for more women in tech, Caroline focuses on her role as Chief Strategy Officer at Cobalt, a fully remote cybersecurity company with a mission to modernize traditional pentesting via a SaaS platform coupled with an exclusive community of vetted, highly skilled testers.