Is Pen testing mandatory for my Prod workload to pass SOC2?
If yes, which Pen test I should perform for e.g. Whitebox, Blackbox, Graybox …?
Do I need to select only partners from the TrustCloud list for Pen testing and even for audit?
SHARE THIS TOPIC
Ask a Question
pratik2
Participant
Participant
Pen Testing and Audit
Join the conversation
Log in with your TrustCloud credentials and get started.
The pen test is not mandatory for SOC 2 Type 1 but is highly recommended for a SOC 2 Type 2. You do not need to select our pen partners, we only offer our partners as way to help our customers speed up the search when looking at pen test vendors. Re: the type of pen test, SOC 2 controls are not very prescriptive. It also depends on the maturity of the organization. White box testing is more easier to handle where as a black box testing is very rigorous and consume more resources from your side. Additionally, please check out this link for more details on the pen testing – https://community.trustcloud.ai/docs/trustops/controls/vulnerability-management/infra-2-pen-testing/