
SOC 2 proves you can protect your customer data

SOC 2 is a set of standards designed to ensure businesses have adequate security policies and controls in place to protect their customers’ data. Conducted annually as an independent audit, the framework is based on the five principles of security, availability, processing integrity, privacy and confidentiality.

SOC 2 Vulnerability Management

Does SOC 2 Require Vulnerability Scanning and Penetration Testing?

Because it is widely recognized that you cannot stay secure while vulnerabilities in your systems are left for attackers to find, three of SOC 2’s criteria refer to vulnerability detection and monitoring. This makes vulnerability scanning and penetration testing two effective tools for compliance: they uncover the real threats to your systems so you can address them promptly.

The Intruder Effect

Audit-ready effortless reporting

Comfortably pass SOC 2 standards with high-quality reports that are both comprehensive and easy on the eye.

In-depth asset discovery

You can’t protect what you don’t know about. Let Intruder continuously monitor your network for changes or additions, and alert you to new vulnerabilities as soon as they appear.

Seamless integration into existing risk management processes 

You don’t have to reinvent the wheel when you start using Intruder. Our platform can fit into your existing processes quickly and easily. 

Coverage gap closed

Don’t be caught out by the limitations of periodic penetration tests and automated vulnerability scanning. Adopt an elite vulnerability management approach with continuous penetration testing from Intruder Vanguard.

What our customers say

Unlike other equivalent security scanners, Intruder is simple to use and very easy to set up. We mainly use Intruder for the scheduled external scans of all our public-facing domains. These scans are great to keep an eye on emerging vulnerabilities and catch them before it's too late.


Is Intruder SOC 2 compliant?

Yes, Intruder has recently become SOC 2 certified, with the help of our own vulnerability scanner. Read our blog post to learn how we achieved that and about the importance of vulnerability scanning for SOC 2 audits.

How often do we need to run scans to achieve SOC 2 compliance?

SOC 2 requires vulnerability scanning but doesn't specify its frequency. Here at Intruder, we recommend conducting vulnerability scans at least monthly; however, your optimum scanning frequency will largely depend on the type of organization you’re tasked with securing, or the type of systems that you wish to scan. To get a better understanding of how frequently you should run your vulnerability scans, read our helpful guide.

Do you need a penetration test to meet SOC 2 requirements?

Penetration testing is not mandatory to achieve SOC 2 compliance; however, it is another layer of cyber defense that adds value and strengthens your organization against potential attacks.

Does vulnerability scanning count as a manual pentest?

The short answer is no. The two services complement each other, so ideally you should do both. An experienced penetration tester can find issues that are not detectable by machines, for example, by chaining several minor weaknesses together to discover a hidden critical vulnerability. On the other hand, vulnerability scanners can help you automate your security checks and provide continuous protection in the periods between manual in-depth tests.  

It’s important to point out though that penetration testers typically perform vulnerability scanning as part of their assessments, so if you’re just getting started and want to gain an overview of the state of your security, you will benefit from running a vulnerability scan first.  


Start your 14-day free trial

Try Intruder’s vulnerability scanner to continuously monitor for weaknesses in your systems and maintain SOC 2 compliance.