Cloud Detection and Response Survey Report

Illustration Cloud

Achieving SOC 2 Type 1 Certification - Helping companies feel more secure about Permiso while we help them secure their public cloud

We're excited to announce that Permiso is now SOC 2 Type I certified. This certification signifies that an independent third-party auditor has validated the design of our security program controls against an established set of Trust Service Principles.

At Permiso, we take the security of our vendors seriously. And since we are a vendor for many of you, we strive to set an excellent example for what you should demand of all your vendors.

Vendors can say anything, and they often do. It would be best if you validated the word of your vendor that they are securing their systems (and thus your data) properly. Having a third party attest to the designs and implementation of the controls against a broadly accepted standard helps you as a potential customer of the vendor meet your security program and vendor management requirements. Instead of having to conduct those evaluations yourself for every vendor across each of the control areas, you can trust the opinion of a third-party auditor over a broad set of security controls and hopefully make your vendor management process a little easier.

Don't get us wrong; we know that Compliance != Security. As a group of cyber security veterans helping customers better protect their public cloud environments, we know the importance of maintaining a high degree of security. Security at Permiso is not a "role" or "function." It is inherent to how we operate as a company. Security is integrated into all aspects of our company from how we onboard and train our employees to how we build, deploy, validate, and monitor our systems and software. While we are proud of achieving our SOC 2 Type I certification we are even prouder that the controls covered are only a subset of the practices and policies we employ to keep our clients secure.

Now that we've completed our SOC 2 Type I certification we will be pursuing our SOC 2 Type II certification by partnering with Vanta (an excellent continuous compliance platform) and our third-party auditor Johanson Group LLP. The SOC 2 Type II will extend the current attestation to cover the operating effectiveness of the controls we've designed and implemented.

To get a copy of our SOC 2 Type I report, please hit us up at We encourage all of our customers and prospects to get a copy. If you would like to learn more about how we keep ourselves and others secure with the Permiso platform, please get in touch with us at the same email address.

Illustration Cloud

Related Articles

Permiso 2022 - End of Year Observations

In 2022, Permiso's Cloud Detection & Response platform detected a multitude of different security events across client cloud infrastructure environments. In all cases, the detected suspicious and malicious behavior inside of their cloud environments

P0 Labs: Helping stay ahead of cloud adversaries

As organizations continue to accelerate the shift to cloud, adversaries are following. Over the past ten (10) years I have had the opportunity to lead some of the largest and most impactful public and private Incident Response (IR) engagements at

Cloud vendor supply chain risk - Forecast: Foggy with a chance of thunderstorms

Attackers are increasingly taking advantage of trusted vendor relationships to perform software and service based supply chain attacks. As cloud adoption continues to grow, we will see sophisticated threat actors like APT29 increase targeting of

View more posts