Latest research, product updates and best practices on staying secure in the cloud | Permiso

Permiso | Blog | Achieving SOC 2 Type 1 Certification - Helping companies feel more secure about Permiso while we help them secure their public cloud

Written by Jason Martin | Aug 15, 2022 12:33:00 PM

We're excited to announce that Permiso is now SOC 2 Type I certified. This certification signifies that an independent third-party auditor has validated the design of our security program controls against an established set of Trust Service Principles.

At Permiso, we take the security of our vendors seriously. And since we are a vendor for many of you, we strive to set an excellent example for what you should demand of all your vendors.

Vendors can say anything, and they often do. It would be best if you validated the word of your vendor that they are securing their systems (and thus your data) properly. Having a third party attest to the designs and implementation of the controls against a broadly accepted standard helps you as a potential customer of the vendor meet your security program and vendor management requirements. Instead of having to conduct those evaluations yourself for every vendor across each of the control areas, you can trust the opinion of a third-party auditor over a broad set of security controls and hopefully make your vendor management process a little easier.

Don't get us wrong; we know that Compliance != Security. As a group of cyber security veterans helping customers better protect their public cloud environments, we know the importance of maintaining a high degree of security. Security at Permiso is not a "role" or "function." It is inherent to how we operate as a company. Security is integrated into all aspects of our company from how we onboard and train our employees to how we build, deploy, validate, and monitor our systems and software. While we are proud of achieving our SOC 2 Type I certification we are even prouder that the controls covered are only a subset of the practices and policies we employ to keep our clients secure.

Now that we've completed our SOC 2 Type I certification we will be pursuing our SOC 2 Type II certification by partnering with Vanta (an excellent continuous compliance platform) and our third-party auditor Johanson Group LLP. The SOC 2 Type II will extend the current attestation to cover the operating effectiveness of the controls we've designed and implemented.

To get a copy of our SOC 2 Type I report, please hit us up at hello@permiso.io. We encourage all of our customers and prospects to get a copy. If you would like to learn more about how we keep ourselves and others secure with the Permiso platform, please get in touch with us at the same email address.