Passpack Validates its Security Pedigree with Full SOC 2 Type II Certification


SOC 2 Type II certification is now part of Passpack’s security credentials, reinforcing our reputation as a trusted password management provider. This independent audit confirms that our data protection measures perform effectively over time—offering clients peace of mind in today’s threat-heavy digital environment.

Security is a core pillar of the Passpack password management platform. It’s in our DNA. It has to be – security is what we do. We work every day to ensure Passpack data privacy and compliance capabilities are best-in-class to defend against the latest cyberthreats. While Passpack has always operated to the standards of SOC 2 security policies, we are pleased to announce that Passpack has now achieved full independent SOC 2 Type II Audit Certification.

What is SOC 2 Type II Certification?

Service Organization Control (SOC) 2 is a voluntary information security compliance framework used to demonstrate that a company’s security controls and policies have been properly implemented, tested and proven to effectively protect confidential customer data.

Why SOC 2 Type II Certification Matters for Your Business

For companies handling sensitive customer data, SOC 2 compliance is the gold standard in security. The credential goes a long way toward instilling trust in existing customers and winning new business in markets where protection from data breaches and other cybersecurity threats is paramount.

There are two levels of SOC 2 Reports: Type I establishes best security practices at a fixed point in time. Type II takes the process a step further by evaluating the operational effectiveness of those data control security systems over a given period, usually a six- to twelve-month window. A SOC 2 Type II Report certifies that the controls put in place functioned as intended to protect customer data throughout the reporting timeframe.

Passpack has validated its security DNA with full SOC 2 Type II Certification through an impartial audit conducted by an American Institute of Certified Public Accountants (AICPA)-certified auditor. Some private businesses such as those in financial services and healthcare may only engage vendors that meet SOC 2 Type I and/or II standards, and many government agencies require it. Passpack is now fully accredited to meet the secure password management needs of these types of clients.

Passpack & SOC 2 Type II Certification Qualifiers

Passpack has always been passionate about the granularity of our security infrastructure, system and application, and we have always held ourselves to the highest standards. SOC 2 Type II Certification provides independent verification that Passpack’s security and compliance controls fully meet or exceed the requirements established by the AICPA for data protection and privacy.

Furthermore, Passpack has always required that our selected technology and processing partners have SOC 2 Type II certification, along with European General Data Protection Regulation (GDPR) compliance and, if applicable, Payment Card Industry Data Security Standard (PCI-DSS) protection. All Passpack partners meet these criteria.

Core Security Features Supporting Certification

Other core security and privacy protocols contributing to Passpack’s SOC 2 Type II Certification include:

  • Zero-knowledge model architecture. Passpack was one of the first companies to implement a zero-knowledge model architecture, providing the highest levels of data security and privacy. Encryption and decryption of passwords and credentials occur only locally on the end-user’s device, never in the cloud or on Passpack servers. No one ever has access to data stored in a Passpack vault except the account owner.
  • Proactive threat detection. Passpack’s software is constantly monitored for malware and updated to provide our customers with the latest technology and data protection. Passpack partners with third-party experts and independent security researchers to perform regular penetration testing against emerging threats across all solutions and systems. Part of this mission is recognizing that bug reports from the worldwide community of security professionals and cyberthreat researchers are a valuable component of cyber defense. We use and contribute to these resources to ensure the security of Passpack’s products and services.
  • Encryption. Passpack employs military-grade AES 256-bit end-to-end encryption on all passwords and stored data to protect information during transit and while at rest.
  • Level of security of the cloud server infrastructure and service provider. Passpack utilizes PhoenixNAP®, an award-winning, highly secure global IT services provider (SOC 2 Type II certified, of course) to host and operate the cloud-based Passpack platform and architecture. This provides Passpack customers with stringent secure cloud storage consistent with the highest industry security standards, such as HIPAA.
  • Robust authentication measures. Passpack supports and strongly recommends the use of MFA (true multi-factor authentication, i.e. a combination of what you know, have or are, not two of the same things), through Google or Microsoft Authenticator, as well as YubiKey physical tokens to provide extra layers of security.

Try Passpack with Full SOC 2 Type II Certification – FREE for 28 Days

And the best part? Businesses can take advantage of all Passpack has to offer – create and store an infinite number of unbreakable passwords and user accounts organized into teams with centralized administrator control – now with full SOC 2 Type II Certification – for as little as $1.50 per user/month.

Still not sure if Passpack is right for your organization? Try the most secure, easy to use and affordable password manager app without risk or obligation. Start your FREE 28-day trial today!
