RegScale Earns Coveted SOC 2 Type 2 Stamp of Security Excellence

January 29, 2024 | By Esty Peskowitz
SOC 2 type 2 certified

RegScale achieves SOC 2 Type 2 certification: Reducing package preparation time by 94% using its own continuous controls monitoring platform

We are thrilled to share that as of January 29, 2024, RegScale has achieved SOC 2 Type 2 certification. We embraced the opportunity to prove the security pedigree of our own Continuous Controls Monitoring platform to obtain the SOC 2 Type 2 certification with significantly less time and effort. How much time did we save?

Hundreds of hours! 375 hours to be exact.

Leveraging our own Continuous Controls Monitoring (CCM) platform, we slashed what is typically a months-long effort into less than a month and compressed roughly 400 hours of manual work into less than 25 hours over a six-month period, setting a new precedent in efficiency and speed for achieving SOC 2 Type 2 compliance.

How did RegScale save 94% of the time preparing our SOC 2 Type 2 package?

Our auditors received evidence instantly in RegScale, which on its own likely cut time in half because of the efficiency of eliminating the “back and forth” typically experienced. RegScale promises and delivers “always audit-ready,” real-time evidence of security, risk, and compliance controls.

SOC 2 Type 2 is an important milestone.

Achieving SOC 2 Type 2 compliance is a promise to our customers that their data is in safe hands, and with RegScale, we can guarantee we will continue to stay continuously compliant using our industry leading CCM platform. It’s a testament to our unwavering commitment to security, privacy, and reliability. With SOC 2 Type 2, we demonstrate to our customers and the market that we are ensuring continuous compliance that develops customer trust, that we proactively do risk management, and we strive for operational excellence and continuous improvement.

We realize that compliance and risk data is very sensitive and that storing this data in a commercial platform requires organizations to have the highest levels of trust in the security of our technology. We leveraged our decades of experience delivering secure solutions for the US Nuclear Weapons program to build military-grade security into our CCM platform, resulting in the most secure CCM platform in the market. SOC 2 Type 2 is an important milestone on our security journey, but it is just the first step. We also plan to achieve FedRAMP High certification in the months ahead.
Travis Howerton

Travis Howerton

Co-Founder and CEO, RegScale

RegScale’s journey from SOC 2 Type 1 to Type 2 signals a significant step in our commitment to customer trust, security, and compliance. A SOC 2 Type 1 report evaluates the design of an organization’s controls at a specific point in time, providing valuable insights into their initial security measures. Companies achieving SOC 2 Type 2 reports go a step further by assessing the ongoing effectiveness and operation of these controls over an extended period, typically six months or more. SOC 2 Type 2 underscores dedication to building and maintaining strong customer trust through continuous, robust security practices and compliance measures.

As RegScale continues to innovate and grow, our customers can be confident that safeguarding their information remains RegScale’s top priority. Want to learn from our director of InfoSec how he slashed the SOC 2 Type 2 package prep time by 94%? If so, contact us today to learn how RegScale can accelerate your journey to achieve any compliance certification.

Ready to get started?

Choose the path that is right for you!

Skip the line

My organization doesn’t have GRC tools yet and I am ready to start automating my compliance with continuous monitoring pipelines now.


My organization already has legacy compliance software, but I want to automate many of the manual processes that feed it.