Ask a Question

Pen Testing and Audit

Is Pen testing mandatory for my Prod workload to pass SOC2?
If yes, which Pen test I should perform for e.g. Whitebox, Blackbox, Graybox …?
Do I need to select only partners from the TrustCloud list for Pen testing and even for audit?

docs icon TrustCloud Q&A
All Replies

Viewing 0 reply threads

  • The pen test is not mandatory for SOC 2 Type 1 but is highly recommended for a SOC 2 Type 2. You do not need to select our pen partners, we only offer our partners as way to help our customers speed up the search when looking at pen test vendors. Re: the type of pen test, SOC 2 controls are not very prescriptive. It also depends on the maturity of the organization. White box testing is more easier to handle where as a black box testing is very rigorous and consume more resources from your side. Additionally, please check out this link for more details on the pen testing –

Viewing 0 reply threads

Join the conversation