12 Days of PtaaS
You're not going to want to miss this celebration!

Announcing SOC 2 Type 1 Certification: A Commitment to Our Customers

As an application security company, offering our customers the highest level of confidence in our own security practices is critical.

As an application security company, offering our customers the highest level of confidence in our own security practices is critical. Today, we are thrilled to announce that as of April 2020, Cobalt is officially SOC 2 Type 1 certified.

We wanted to highlight to our customers that we consistently build security programs that are auditable, repeatable, and built to a framework baseline that is easy for everyone to understand. This requires consistency across the board. SOC 2 involves particular controls that go into the audit, and achieving certification shows that we’ve been able to meet or exceed those expectations for each area.

SOC 2 certification is an industry standard framework when you have a SaaS platform because it covers so many fundamental areas of security, governance, risk, and compliance for service providers. Our goal over the past year was to raise the bar on security, and the focus on SOC 2 provided the framework and structure to meet that goal while also improving our operational security capabilities.

Our end goal of achieving SOC 2 certification is developing comprehensive programs that will stick around for a very long time, while always driving for iterative improvements. At the highest level, this includes formalizing tactical initiatives driven by different teams and for infrastructure.

It is important to point out that just because you are SOC 2 certified doesn’t mean you are fully secure. However, it does highlight a commitment to customers to ensure that their data is protected to industry standard.

SOC 2 certification is a journey that requires a deep dive into your system, but it’s worth it for you and your customers. For us, this milestone will allow us to achieve our SOC 2 Type 2 audit in early 2021. This shows that we are maintaining all of our controls on a recurring basis throughout the year instead of at just one point in time.

Stay tuned for our next SOC 2 blog post that will share what considerations to keep in mind when thinking about getting SOC 2 certified.

Back to Blog
About Ray Espinoza
Ray Espinoza is the Head of Security at Cobalt. With over 20 years of technology experience and 12+ years in information security, Ray’s collaborative leadership style has enabled him to build information security and risk management programs that support business objectives and build customer trust. More By Ray Espinoza
How a SaaS Startup Scaled Growth with PtaaS & SOC 2 Compliance Automation
How Neural Payments uses pentesting and SOC 2 compliance automation to set themselves up for security posture success.
Apr 13, 2022