
PhishMe Attains SOC 2 Type I Compliance Across PhishMe Simulator and hosted PhishMe Triage Product Offerings



LEESBURG, VA. – February 9th, 2018 – PhishMe®, the leading provider of human phishing defense solutions, today announced it has successfully completed a Service Organization Controls (SOC) 2 Type I examination across the PhishMe Simulator® and hosted PhishMe Triage™ product lines, which help organizations address the human sources of risk associated with phishing attacks.

Created for entities operating in the booming technology and cloud computing sector, SOC 2 compliance is an industry standard in data security compliance. In pursuit of this industry-leading certification, organizations undergo a rigorous analysis that can include the following trust services criteria: security, availability, processing integrity, confidentiality and privacy.

“Achieving this certification demonstrates our continued commitment and investment in larger compliance efforts to exceed enterprise standards and expectations with respect to data security,” said Aaron Higbee, CTO and co-founder of PhishMe.

Coalfire Controls, LLC, an independent CPA firm, conducted the audit of PhishMe Simulator and hosted PhishMe Triage product lines, testing the suitability of design of controls, with a focus on security, availability and confidentiality principles in line with strict criteria.

“In an ever-evolving market of cybersecurity offerings, it is essential that organizations are able to clearly demonstrate that their solution meets SOC 2 criteria, an industry standard in data security compliance,” notes Chris Beiro, Director, SOC Practice, Coalfire. “Coalfire examined PhishMe solutions and found that controls were suitably designed to meet the applicable trust services criteria.”

The purpose of SOC standards is to help provide confidence and peace of mind for organizations and their third-party partners. PhishMe earned the SOC 2 certification because it has sufficient policies and strategies that are designed to satisfactorily protect its customers’ data.

For more information on PhishMe, visit:


About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behavior will improve security, aid incident response and reduce the risk of compromise.

