About Cofense
About Cofense
Free Tools
Free Tools
Build Resilience
Create Transparency
Speed Response

Welcome to the Cofense Blog

Get the latest information on phishing threats and trends, BEC, ransomware and credential phishing, plus Cofense product updates.

Follow us on Social Media

PhishMe is SOC 2 compliant. Here’s how that helps you.

Information security is important to everyone, in particular organizations that outsource operations to third-party vendors (like SaaS or cloud-computing providers). If data isn’t handled securely, an organization’s risk of exposure to data theft, extortion and malware increases dramatically.

For extra security assurance, PhishMe has been certified as a Service Organization Controls (SOC) 2 Type I environment with regard to security, availability and confidentiality. Our certification applies to our PhishMe Simulator® and the hosted PhishMe TriageTM product lines, which help organizations address the human sources of risk associated with phishing attacks. Coalfire Controls, LLC, an independent CPA firm, conducted the audit.

What SOC 2 Compliance Is

SOC 2 is an IT auditing standard designed to evaluate your service provider’s ability to securely manage your data. Created by the American Institute of CPAs (AICPA) for companies in the technology and cloud computing sectors, SOC 2 compliance is the premiere industry standard in data security.

What It Means

We earned SOC 2 status because we maintain policies and processes designed to safeguard customer data. To gain this certification, PhishMe underwent a rigorous analysis that included the following trust services criteria: security, availability, processing integrity, confidentiality and privacy.

For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.

Learn More

Visit the AICPA for full details on SOC 2 compliance and how it helps to improve security controls.