Cofense Logo - Email Security Solutions

Cofense Achieves SOC 2 Type II Compliance for PhishMe and Hosted Triage

Share Now


Phishing Defense Leader Continues to Pursue Compliance Certifications for Data Security

LEESBURG, Va.May 16, 2019 — Today Cofense™, the global leader in intelligent phishing defense solutions, announced it has successfully completed a Service Organization Controls (SOC) 2 Type II examination for Cofense PhishMe™ and Hosted Cofense Triage™. These product lines provide technology to help organizations train their employees to identify potential phishing risks and properly handle phishing attacks by individuals attempting to manipulate or deceive email recipients. Coalfire Controls, LLC, an independent CPA firm, conducted the audit.

SOC 2 compliance is a key industry standard in data security. Designed for entities operating in the technology and cloud computing sector, SOC 2 evaluates a service provider’s ability to securely manage customer data. In pursuit of this certification organizations undergo a rigorous analysis that includes the following trust services criteria: security, availability, processing integrity, confidentiality and privacy. Cofense achieved SOC 2 Type I compliance in February 2018, which is based on having the suitable controls in operation. For Type II, Cofense successfully showed the effectiveness of these controls over a period of time.

“Pursuing industry-leading certifications is just one way Cofense continues to demonstrate our commitment to larger compliance efforts that exceed enterprise standards,” said Keith Ibarguen, Chief Product Officer, Cofense. “SOC 2 Type II compliance is a proven standard to ensure the processing integrity, availability, security, confidentiality and privacy of customer data. Cofense aims to not only help our customers maintain strong security through our innovative technology offerings, but to also maintain strong relationships and trust through our own security and privacy practices.”

“Many organizations outsource information security operations to third-party vendors, and if their data is not handled securely, risk of exposure to data theft, extortion and malware increases dramatically. Given this threat of exposure, SOC 2 Type II is essential for organizations to clearly demonstrate the security control posture of their solutions,” states Chris Beiro, Sr. Director, SOC Practice, Coalfire. “Coalfire examined the PhishMe and Hosted Cofense Triage solutions and found that controls were suitably designed and operating effectively to provide reasonable assurance that the trust services criteria were met throughout the review period.”

The purpose of SOC standards are to help provide confidence and peace of mind for organizations and their third-party partners. Cofense maintains policies, strategies and processes that are designed to satisfactorily safeguard customer data. For more information, please visit

About Cofense 
Cofense™, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact 
[email protected]


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.