Volkan Evrin | 2 MIN READ

LAST UPDATED ON MARCH 24, 2023

How we’re building assurance with SOC 2 Type 2 compliance

At Picus, protecting the security and privacy of our customers will always be a top priority. It’s why we’re committed to ensuring that our controls, policies and procedures meet the highest standards and continue to evolve as our business grows.

Today, we’re pleased to announce that we have successfully completed another key milestone on our information security roadmap by achieving compliance with SOC 2 Type 2 - widely regarded as a gold standard for information security.

What is SOC 2 and what does it mean for Picus customers?

System and Organization Controls 2 (SOC 2) is an audit and attestation framework developed by the American Institute of Certified Public Accountants (AICPA) for service organizations, such as Software-as-a-Service (SaaS) companies, that store or process customer data on their customers' behalf.

A SOC 2 attestation verifies that Picus and our cloud-native Complete Security Control Validation Platform meet AICPA’s Trust Services Criteria (TSC). The TSC comprise five categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Security (the common criteria) is in scope for every SOC 2 report; the other four are included according to the scope of the engagement.

Meeting the principles of SOC 2, as part of a compliance program that also includes ISO 27001, ISO 20000 and ISO 22301, demonstrates how highly we prioritize security and privacy as well as building products that instil trust and confidence. 

SOC 2 Type 1 vs. SOC 2 Type 2

There are two types of SOC 2 audit report: Type 1 and Type 2. Picus achieved SOC 2 Type 1 attestation in November 2021 and has now completed Type 2 attestation.

A SOC 2 Type 1 report describes the design of a service provider’s controls against AICPA’s Trust Services Criteria as of a specific point in time; a SOC 2 Type 2 report additionally tests and reports on the operating effectiveness of those controls over a defined review period, commonly six to twelve months.

Picus Security achieved SOC 2 Type 2 attestation in April 2022 following an independent audit by Prescient Assurance. To maintain it, Picus will be audited annually, since a Type 2 report only covers the review period it was issued for.

Request a copy of our SOC 2 report

If you are an existing customer or partner of Picus and would like a copy of our SOC 2 Type 1 and Type 2 reports, please feel free to reach out to a member of our team. 

If you are not a current customer but would like to read the reports then we’d be happy to provide a copy under an NDA.

If you have any questions, please let us know!


Click here to learn more about Picus and how our breach and attack simulation technology can help you to validate and enhance your organization’s security posture.

Summary

1. SOC 2 is an audit and attestation framework developed by the AICPA for service organizations, such as SaaS companies, that process customer data. A SOC 2 attestation confirms that Picus meets the AICPA’s Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy.
2. A SOC 2 Type 1 report describes the design of a service provider’s controls at a specific point in time, while a SOC 2 Type 2 report tests the operating effectiveness of those controls over a defined review period.
3. Picus Security is audited against SOC 2 annually to maintain its attestation.
4. Non-customers can obtain a copy of the Picus SOC 2 reports under a Non-Disclosure Agreement (NDA).
5. Achieving SOC 2 Type 2 attestation demonstrates Picus’s commitment to high security and privacy standards, building trust and confidence among its customers and stakeholders.