
Achieving SOC 2 Type I Certification - Helping companies feel more secure about Permiso while we help them secure their public cloud

We're excited to announce that Permiso is now SOC 2 Type I certified. This certification signifies that an independent third-party auditor has validated the design of our security program controls against an established set of Trust Service Principles.

At Permiso, we take the security of our vendors seriously. And since we are a vendor for many of you, we strive to set an excellent example for what you should demand of all your vendors.

Vendors can say anything, and they often do. You should validate your vendor's word that they are securing their systems (and thus your data) properly. Having a third party attest to the design and implementation of the controls against a broadly accepted standard helps you, as a potential customer of the vendor, meet your security program and vendor management requirements. Instead of having to conduct those evaluations yourself for every vendor across each of the control areas, you can trust the opinion of a third-party auditor over a broad set of security controls and hopefully make your vendor management process a little easier.

Don't get us wrong; we know that Compliance != Security. As a group of cyber security veterans helping customers better protect their public cloud environments, we know the importance of maintaining a high degree of security. Security at Permiso is not a "role" or "function." It is inherent to how we operate as a company. Security is integrated into all aspects of our company, from how we onboard and train our employees to how we build, deploy, validate, and monitor our systems and software. While we are proud of achieving our SOC 2 Type I certification, we are even prouder that the controls covered are only a subset of the practices and policies we employ to keep our clients secure.

Now that we've completed our SOC 2 Type I certification, we will be pursuing our SOC 2 Type II certification by partnering with Vanta (an excellent continuous compliance platform) and our third-party auditor, Johanson Group LLP. The SOC 2 Type II will extend the current attestation to cover the operating effectiveness of the controls we've designed and implemented.

To get a copy of our SOC 2 Type I report, please hit us up at hello@permiso.io. We encourage all of our customers and prospects to get a copy. If you would like to learn more about how we keep ourselves and others secure with the Permiso platform, please get in touch with us at the same email address.
