How we’re building assurance with SOC 2 Type 2 compliance

The Blue Report 2024

Get a comprehensive analysis of over 136 million cyber attacks and understand the state of threat exposure management.

DOWNLOAD

How we’re building assurance with SOC 2 Type 2 compliance

At Picus, protecting the security and privacy of our customers will always be a top priority. It’s why we’re committed to ensuring that our controls, policies and procedures meet the highest standards and continue to evolve as our business grows.

Today, we’re pleased to announce that we have successfully completed another key milestone on our information security roadmap by achieving compliance with SOC 2 Type 2 - widely regarded as a gold standard for information security.

What is SOC 2 and what does it mean for Picus customers?

System and Organization Controls (SOC 2) is a security audit and attestation developed by the American Institute of Certified Public Accountants (AICPA) for Software-as-a-Service (SaaS) companies that process customer data. 

Compliance with SOC 2 verifies that Picus and our cloud-native Complete Security Control Validation Platform meets AICPA’s Trust Service Criteria (TSC). The TSC is split across five principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. 

SOC2-graphic-updated
Meeting the principles of SOC 2, as part of a compliance program that also includes ISO 27001, ISO 20000 and ISO 22301, demonstrates how highly we prioritize security and privacy as well as building products that instil trust and confidence. 

SOC 2 Type 1 vs. SOC 2 Type 2

There are two types of SOC 2 audit reports Type 1 and Type 2. Picus achieved attestation with SOC 2 Type 1 in November 2021 and has now completed attestation with Type 2.

A SOC 2 Type 1 report describes the design of a service provider’s controls to meet AICPA’s trust criteria as of a specific point in time;  a SOC 2 Type 2 report details the operational effectiveness of these controls over an extended period.

Picus Security achieved SOC 2 Type 2 compliance in April 2022 following an independent audit by Prescient Assurance. To main compliance, Picus will be audited annually.

Request a copy of our SOC 2 report

If you are an existing customer or partner of Picus and would like a copy of our SOC 2 Type 1 and Type 2 reports, please feel free to reach out to a member of our team. 

If you are not a current customer but would like to read the reports then we’d be happy to provide a copy under an NDA.

If you have any questions, please let us know!

Request a copy

Click here to learn more about Picus and how our breach and attack simulation technology can help you to validate and enhance your organization’s security posture.