It’s official, Randori has successfully passed our System and Organization Control (SOC) 2 Type 2 audit for the Randori Attack Platform. A recognized technical audit for service organizations, SOC 2 Type 2 requires companies establish and follow strict information security policies and procedures. With the completion of this audit, Randori is now the first and only attack surface management vendor to achieve SOC 2 Type 2 certification.
What is SOC 2 Type 2?
Developed by the American Institute of CPAs (AICPA), SOC 2 is a compliance framework used frequently by SaaS companies. The framework specifies five “trust service principles” for managing customer data, security, availability, processing integrity, confidentiality and privacy. A SOC 2 Type 2 report is an independent assessment that details the operational effectiveness of a company’s security controls & procedures. Internationally recognized, it is a leading standard for SaaS companies and others handling sensitive data in the cloud.
Our SOC 2 Type 2 certification demonstrates that Randori has met rigorous international standards in information security and confirms that its products, services, and business operations meet user needs with an effective information security management system.
What Does This Mean For Randori Customers?
The globally-recognized certification comes after months of hard work and a rigorous audit. As a company founded on the attacker’s perspective, good security practices are embedded into everything we do. This certification validates the investments we’ve made in our security program and signals to our customers our ongoing commitment.
“Today’s SOC 2 announcement is yet another example of how Randori is leading the attack surface management market forward,” said Brian Hazzard, CEO and co-founder of Randori. “With a new attack hitting the headlines every week, it’s critical that enterprise security vendors lead by example and set the standard for others in the space. The work Aaron and the team have put in, demonstrates to our customers our commitment to security and raises the bar for other ASM vendors in the space.”
The independent audit was conducted by A-LIGN, a leading security and compliance provider, who validated Randori’s stringent security and governance controls. Third party validation of security controls is a critical consideration when selection third-party vendors, especially for customers in regulated industries, such as telecommunications, healthcare, life sciences, and government.
The audit tested over 130 unique controls in the following areas:
- Information security policies and procedures
- Systems, information, network, infrastructure and personnel security
- Risk assessment
- Business continuity and disaster recovery
- Access controls
- Change management
- Management oversight
As a CISO, I understand the thoughtfulness organizations must take when choosing a third-party security vendor. Certifications such as SOC 2 Type 2 and ISO 27001 provide independent attestation that a vendor has controls in place which are operating effectively. Having these certifications enables us to demonstrate this commitment to CISOs and will further accelerate our growth in what is already one of the hottest sectors of security.
How Randori Can Help You
Trusted by some of the world’s largest enterprises, The Randori Attack Platform was designed to think and act like today’s adversaries. Using our patent-pending approach, Randori will identify the unknown assets, exploitable systems and misconfigurations that hacker’s will strike first. Getting started is simple and only requires an email. Sign up now to get a free hacker assessment of your enterprise today.
With this free assessment you will gain:
- Instant visibility to your most exposed assets
- A hacker’s assessment of where they’d strike first.
- Actionable insight to reduce your ransomware risk today.
Randori is building the world’s most authentic, automated attack platform to help defenders train like the adversary. Based on technology used to penetrate some of the world’s largest and most secure organizations, Randori enables security leaders to regain control of their attack surface, prioritize like an attacker, and practice how they fight. Get a demo today.