Skip to content

Cobalt is SOC 2 Certified

At Cobalt, we are committed to providing best-in-class security to our customers. In addition to safeguarding employees, assets and physical spaces, we are focused on protecting our customers’ data. As part of this ongoing commitment, today we are proud to share that Cobalt is SOC 2 Type 1 certified with no exceptions.

What is SOC 2?

Service Organization and Controls (SOC) is a widely-recognized and respected industry standard set by the American Institute of Certified Public Accountants (AICPA) for certifying that a company adheres to a comprehensive set of trust services criteria for keeping data safe and secure.

SOC 2 certification is considered the gold standard for security compliance for companies that provide cloud-based services and requires that these companies establish and follow strict information security policies and procedures encompassing the security, availability, confidentiality, and privacy of customer data. In other words, an external AICPA auditor has verified and certified that our processes, procedures and information management are fully compliant.

What does SOC 2 mean for our customers?

Achieving SOC 2 Type 1 certification means that the rigorous processes and practices we have implemented to protect data meet or exceed industry standards of oversight and monitoring. It is a proof point of our ongoing commitment to safeguarding our customers’ data and, through the lens of AICPA’s evaluation criteria, a verification of our ability to meet growing cyber security requirements for existing and prospective customers. SOC 2 certification also sets the foundation for our ongoing efforts to improve our internal control environment and any future regulatory compliance.

What’s next?

Focused effort and collaboration across the company enabled us to achieve this important milestone—and this is only the beginning. We are now in the process of securing our SOC 2 Type 2 certification. Having validated the compliance of our processes and procedures, auditors will be monitoring us closely for the next six months.

Our SOC 2 Type 2 audit will be completed in 2020. In the meantime, our SOC 2 Type 1 report is available to our customers upon signing an NDA. To request this report, please contact security [at]