Compliance and external audits


Sophos regularly undergoes SOC Type 1 auditing and can provide access to the report under NDA. SOC Type 2 auditing is currently in progress.

Penetration testing

We regularly conduct both internal and external penetration testing with reputable third-parties and can provide attestation under NDA.


Sophos’ global commitment to data protection is detailed on our website: