Penetration Testing for SOC 2 Compliance
(SaaS for sales teams)

The American Institute of Certified Public Accountants (AICPA) created SOC 2 audit that demands service organization to pass data privacy protection check-up by categories of security, availability, processing integrity, confidentiality, and privacy of data used by the system.

That’s one of the most basic audits for US companies that want to сonfirm to their customers that their SaaS meets the highest security requirements and is truly responsible in working with customers' personal data.

A SOC 2 compliance auditor asked our client (SaaS for sales teams) to provide the results of penetration testing, to conduct this security check the client turned to us.

Our team focused on test tasks that primarily oriented to check out company prevention measures against intentional or accidental personal data misuse. To do this, we used the black box pentest methodology to maximally approximate the testing conditions to the conditions under which a real attacker operates.

The final report, apart from general recommendations and notes on security enhancement, included specific points concerning SOC 2 requirements and how to pass them successfully.