Compliance and external audits

SOC

Sophos regularly undergoes SOC Type 1 auditing and can provide access to the report under NDA. SOC Type 2 auditing is currently in progress.

Penetration testing

We regularly conduct both internal and external penetration testing with reputable third-parties and can provide attestation under NDA.

GDPR

Sophos’ global commitment to data protection is detailed on our website:

https://www.sophos.com/en-us/legal/sophos-gdpr.aspx.