Menu Icon
< back to main
 • 2 min read

Announcing SOC 2 Type 1 Certification: A Commitment to Our Customers

As an application security company, offering our customers the highest level of confidence in our own security practices is critical.

Announcing SOC 2 Type 1 Certification: A Commitment to Our Customers
Ray Espinoza
Ray Espinoza

Ray Espinoza is the Head of Security at Cobalt. With over 20 years of technology experience and 12+ years in information security, Ray’s collaborative leadership style has enabled him to build information security and risk management programs that support business objectives and build customer trust.

Want to see the platform in action?
get a demoArrow Right
Want to see the platform in action?
get a demoArrow Right

soc 2 type 1 1

As an application security company, offering our customers the highest level of confidence in our own security practices is critical. Today, we are thrilled to announce that as of April 2020, Cobalt is officially SOC 2 Type 1 certified.

We wanted to highlight to our customers that we consistently build security programs that are auditable, repeatable, and built to a framework baseline that is easy for everyone to understand. This requires consistency across the board. SOC 2 involves particular controls that go into the audit, and achieving certification shows that we’ve been able to meet or exceed those expectations for each area.

SOC 2 certification is an industry standard framework when you have a SaaS platform because it covers so many fundamental areas of security, governance, risk, and compliance for service providers. Our goal over the past year was to raise the bar on security, and the focus on SOC 2 provided the framework and structure to meet that goal while also improving our operational security capabilities.

Our end goal of achieving SOC 2 certification is developing comprehensive programs that will stick around for a very long time, while always driving for iterative improvements. At the highest level, this includes formalizing tactical initiatives driven by different teams and for infrastructure.

It is important to point out that just because you are SOC 2 certified doesn’t mean you are fully secure. However, it does highlight a commitment to customers to ensure that their data is protected to industry standard.

SOC 2 certification is a journey that requires a deep dive into your system, but it’s worth it for you and your customers. For us, this milestone will allow us to achieve our SOC 2 Type 2 audit in early 2021. This shows that we are maintaining all of our controls on a recurring basis throughout the year instead of at just one point in time.

Stay tuned for our next SOC 2 blog post that will share what considerations to keep in mind when thinking about getting SOC 2 certified.

Related Stories

How to Build Resilience in Cybersecurity: 4 Lessons Learned From Military Experience
How to Build Resilience in Cybersecurity: 4 Lessons Learned From Military Experience
What better group to turn to for advice than security leaders who have worked on the front lines of risk and uncertainty?
Read moreArrow Right
Cybersecurity Statistics for 2021
Cybersecurity Statistics for 2021
What's new in ransomware, social engineering, and many other security threats
Read moreArrow Right
New Ebook: Beginner’s Guide to Compliance-Driven Pentesting
New Ebook: Beginner’s Guide to Compliance-Driven Pentesting
Find out more about the role of pentesting in your company’s compliance effort.
Read moreArrow Right
The State of Pentesting 2021: Common Vulnerabilities, Findings, and Why Teams Struggle With Remediation
The State of Pentesting 2021: Common Vulnerabilities, Findings, and Why Teams Struggle With Remediation
Each year, we publish The State of Pentesting report to provide a detailed overview of vulnerabilities and identify the trends and hazards that impact the cybersecurity community.
Read moreArrow Right

Never miss a story

Stay updated about Cobalt news as it happens