Penetration (pen) test for SOC 2

SOC 2 usually requires that a company conduct vulnerability scanning on a regular basis and take proper steps to address the risks it identifies.

A company can meet SOC 2 audit requirements for vulnerability scanning through the following actions:

  1. Have a reputable third-party vendor or firm perform a penetration (pen) test at least annually
  2. Identify and resolve critical and high-risk vulnerabilities

The pen test requirement may vary from auditor to auditor, but as a security best practice we'd highly recommend getting a pen test.
