Announcing SOC 2 Type II Certification: Reinforcing our Commitment to Security

We are delighted to share the news that Cobalt is now SOC 2 Type II certified!

Alexander Jones

Alex Jones is a cybersecurity leader, educator, multimedia enthusiast and geek. Alex is currently the Information Security Manager at Cobalt.io, the leading Pentest as a Service company. He has led Security and Compliance teams and initiatives at HBC, Express Scripts, Gainsight and Cognizant prior to joining Cobalt. These roles have included Security Analyst, Senior Security Engineer and Security Architect. Prior to his career in Information Security, Alex was a Lead Audio Engineer and Adjunct Instructor at Clayton Studios and Extreme Institute in St. Louis, MO.

After receiving the SOC 2 Type I certification in 2020, we didn’t stop there. Meeting our goal of becoming SOC 2 Type II certified bolsters our ability to build consistent, auditable, repeatable security programs within the frameworks that best fit our customers’ needs. As a trusted application security company and Pentest as a Service (PtaaS) provider, we continuously aim to meet and exceed industry standards and customer expectations to deliver security controls that are effective at protecting and defending customer data.

What is SOC 2 Compliance?

SOC 2 compliance outlines a framework of security standards intended to ensure that a business is exercising best practices for maintaining data security. The framework is based on the five SOC 2 trust principles developed and maintained by the American Institute of Certified Public Accountants (AICPA).

SOC 2 Trust Principles Checklist

Obtaining the SOC 2 Type I and Type II certifications is one way to demonstrate that Cobalt is committed to delivering end-to-end security with our Pentest as a Service platform. The SOC 2 audit report is evidence of our commitment as a partner to keep highly sensitive data thoroughly protected. We are always looking to raise the bar for security, and keeping data secure for our customers remains a top priority.

SOC 2 Type I vs Type II

  • Type I: Describes how security and compliance controls are “designed” as of a specific point in time. For example, as of March 31st, the organization conducts background checks and has job descriptions for roles and responsibilities.

  • Type II: Describes the “design and operating effectiveness over a period of time (audit period)”, typically 6-12 months. This assessment shows the SOC 2 control implementation and operating effectiveness over that time period. Our audit period was from April 1st, 2020, to March 31st, 2021.

What This Means for Cobalt Customers

Trust and transparency are at the forefront of security and data privacy for us as a PtaaS provider. SOC 2 is one of the most commonly followed frameworks, and maintaining compliance with it is an integral part of security, sales, and operations workflows. Achieving the SOC 2 Type II certification further demonstrates our promise of customer data protection over an extended period of time with robust capabilities to identify, track, and resolve security vulnerabilities.

With Cobalt, you can trust us to provide speed, integrations, talent, and efficiency for the long haul. Interested in how SOC 2 can apply to your business model or objectives? Learn more about how Cobalt’s Pentest as a Service platform can help you achieve your company’s SOC 2 compliance needs.
