PhishMe is SOC 2 compliant. Here’s how that helps you.
Information security is important to everyone, in particular organizations that outsource operations to third-party vendors (like SaaS or cloud-computing providers). If data isn’t handled securely, an organization’s risk of exposure to data theft, extortion and malware increases dramatically.
For extra security assurance, PhishMe has been certified as a Service Organization Controls (SOC) 2 Type I environment with regard to security, availability and confidentiality. Our certification applies to our PhishMe Simulator® and the hosted PhishMe Triage™ product lines, which help organizations address the human sources of risk associated with phishing attacks. Coalfire Controls, LLC, an independent CPA firm, conducted the audit.
What SOC 2 Compliance Is
SOC 2 is an IT auditing standard designed to evaluate your service provider’s ability to securely manage your data. Created by the American Institute of CPAs (AICPA) for companies in the technology and cloud computing sectors, SOC 2 compliance is the premier industry standard in data security.
What It Means
We earned SOC 2 status because we maintain policies and processes designed to safeguard customer data. To gain this certification, PhishMe underwent a rigorous analysis that included the following trust services criteria: security, availability, processing integrity, confidentiality and privacy.
For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.
Visit the AICPA for full details on SOC 2 compliance and how it helps to improve security controls.