Need to fast-track your pentesting? Our experts make it easy.
Need to fast-track your pentesting? Our experts make it easy.

Announcing SOC 2 Type II Certification: Reinforcing our Commitment to Security

We are delighted to share the news that Cobalt is now SOC 2 Type II certified!

We are delighted to share the news that Cobalt is now SOC 2 Type II certified!

After receiving the SOC 2 Type I certification in 2020, we didn’t stop there. Meeting our goal of becoming SOC 2 Type II certified bolsters our ability to build consistent, auditable, repeatable security programs within frameworks that are best fit for our customers’ needs. As a trusted application security company and Pentest as a Service (PtaaS) provider, we continuously aim to meet and exceed industry standards and customer expectations to deliver security controls that are effective at protecting and defending customer data.

What is SOC 2 Compliance?

To ensure a business is exercising best practices for maintaining data security, SOC 2 compliance outlines a framework of security standards based on the five SOC 2 trust principles developed and maintained by the American Institute of Certified Public Accountants (AICPA).

SOC 2 Trust Principles Checklist

Obtaining the SOC 2 Type I and Type II certifications is one way to demonstrate that Cobalt is committed to delivering end-to-end security with our Pentest as a Service platform. The SOC 2 audit report is evidence of our commitment as a partner to keep highly sensitive data thoroughly protected. We are always looking to raise the bar for security, and keeping data secure for our customers remains a top priority.

SOC 2 Type I vs Type II

  • Type I: Describes how security and compliance controls are “designed” based on a specific point in time. For example as of March 31st, the organization conducts background checks and has job descriptions for roles and responsibilities.

  • Type II: Describes the “design and operating effectiveness over a period of time (audit period)”, typically 6-12 months. This assessment shows the SOC 2 control implementation and operating effectiveness over that time period— subsequently, our audit period was from April 1st, 2020, to March 31st, 2021.

What This Means for Cobalt Customers

Trust and transparency are at the forefront of security and data privacy for us as a PtaaS provider. Maintaining SOC 2 compliance is one of the most commonly followed frameworks, in addition to being an integral part of security, sales, and operations workflows. Achieving the SOC 2 Type II certification further demonstrates our promise of customer data protection over an extended period of time with robust capabilities to identify, track, and resolve security vulnerabilities.

With Cobalt, you can trust us to provide speed, integrations, talent, and efficiency for the long haul. Interested in how SOC 2 can apply to your business model or objectives? Learn more about how Cobalt’s Pentest as a Service platform can help you achieve your company’s SOC 2 compliance needs.

Complaince-Driven Pentesting Image CTA 2022
Back to Blog
About Alexander Jones
Alex Jones is a cybersecurity leader, educator, multimedia enthusiast and geek. Alex is currently the Information Security Manager at, the leading Pentest as a Service company. He has led Security and Compliance teams and initiatives at HBC, Express Scripts, Gainsight and Cognizant prior to joining Cobalt. These roles have included Security Analyst, Senior Security Engineer and Security Architect. Prior to his career in Information Security, Alex was a Lead Audio Engineer and Adjunct Instructor at Clayton Studios and Extreme Institute in St. Louis, MO. More By Alexander Jones