Blue Goat Cyber

SOC 2 Penetration Testing Services

Steps to Schedule Your SOC 2 Penetration Test:

Below is a high-level comparison of SOC 2 Type I and SOC 2 Type II:

  • SOC 2 Type I – an audit of management’s description of a service organization’s system and the suitability of the design (documentation) of controls. A SOC 2 Type I audit looks at the systems in scope at “a point in time”: how the organization’s management describes the systems and what controls are in place around them. An auditor will issue an opinion (attestation) based on management’s description of the controls and a review of the documentation (artifacts provided) around these controls.

  • SOC 2 Type II – an audit of management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls. A SOC 2 Type II audit looks at how the controls are described and used over a minimum of a 6-month time frame. The intent is to determine whether the controls are functioning as described by management. An auditor will test the controls and provide an opinion (attestation) that compares management’s description with the operating effectiveness (test results) of the controls.

Although SOC 2 only specifies a penetration test every 180 days, we recommend a quarterly program that includes validation testing.

Top 10 Penetration Testing Decision Factors

If we do not find at least one vulnerability with a risk rating of Low or greater, we will refund 100% of your money, minus any incurred expenses.

Our purpose is simple — to make your organization secure

The number of cybersecurity incidents continues to climb. The variety of attacks continues to grow. It is no longer a question of if you will have a cyber event.