PhishFence for SOC 2
SOC 2 auditors look for continuous monitoring of phishing risk, anti-impersonation controls, and an audit trail that ties operator actions to outcomes. PhishFence addresses the relevant Trust Services Criteria with producible evidence for both Type 1 (point-in-time) and Type 2 (operating-effectiveness) audits.
Trust Services Criteria mapping
CC6.7: Logical access security: detection of unauthorised access
PhishFence detects lookalike domain registrations targeting your brand within minutes of the registration appearing in DNS or in SSL Certificate Transparency logs. Each detection carries a confidence score and risk evidence (DNS, MX, live HTTP, screenshot). Auditors use the alert log as evidence that unauthorised brand impersonation attempts are being detected.
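To make the detection described above concrete, here is an added example of how a Certificate Transparency feed can be scored for brand lookalikes and turned into timestamped alert records of the kind an auditor would review. This is illustrative code written for this page, not PhishFence's own implementation; it assumes CT entries arrive as dicts with a domain and a seen_at timestamp, uses a deliberately small homoglyph table, derives the registrable label by a naive split (a real deployment would consult the Public Suffix List), and does not run the DNS, MX, HTTP or screenshot checks, only records which evidence is still to be gathered.

```python
"""Score Certificate Transparency entries for brand-lookalike domains.

Added illustration for this page, not PhishFence code. The CT entries
below are constructed sample data; the homoglyph table and the scoring
thresholds are assumptions chosen for the example.
"""
from datetime import datetime, timezone

# Constructed sample: a brand, its monitored domain(s), and a batch of
# CT log entries as a feed would hand them to us.
BRAND = "acme-corp"
MONITORED = {"acme-corp.com"}
SAMPLE_CT_ENTRIES = [
    {"domain": "acme-corp.com", "seen_at": "2024-05-01T08:00:00Z"},
    {"domain": "acrne-corp.com", "seen_at": "2024-05-01T08:02:11Z"},
    {"domain": "acme-c0rp.net", "seen_at": "2024-05-01T08:05:40Z"},
    {"domain": "acme-corp-login.com", "seen_at": "2024-05-01T08:07:03Z"},
    {"domain": "acmecorp.com", "seen_at": "2024-05-01T08:09:55Z"},
    {"domain": "secure.acme-corp.co", "seen_at": "2024-05-01T08:12:30Z"},
    {"domain": "example.org", "seen_at": "2024-05-01T08:15:00Z"},
]

# Small, assumed table of visually confusable substitutions.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
              "rn": "m", "vv": "w", "cl": "d"}


def normalise(label: str) -> str:
    """Lower-case a label and undo common homoglyph substitutions."""
    s = label.lower()
    for bad, good in HOMOGLYPHS.items():
        s = s.replace(bad, good)
    return s


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; used for single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_candidate(domain: str, brand: str) -> tuple[int, list[str]]:
    """Return (confidence 0-100, reasons) for one candidate domain.

    Assumption: the registrable label is the second-to-last label. That is
    wrong for multi-part public suffixes such as co.uk; use the Public
    Suffix List in production.
    """
    labels = domain.lower().strip(".").split(".")
    if len(labels) < 2:
        return 0, []
    reg = labels[-2]
    norm_reg, norm_brand = normalise(reg), normalise(brand)
    if reg == brand:
        return 90, ["brand registered under a different TLD"]
    if norm_reg == norm_brand:
        return 85, ["homoglyph substitution of brand"]
    if norm_brand in norm_reg:
        return 70, ["brand embedded in registrable label"]
    distance = levenshtein(norm_reg, norm_brand)
    if distance == 1:
        return 60, ["one edit away from brand"]
    if distance == 2:
        return 40, ["two edits away from brand"]
    if any(norm_brand in normalise(lbl) for lbl in labels[:-2]):
        return 50, ["brand used as subdomain of an unrelated domain"]
    return 0, []


def build_alert(entry: dict, brand: str, confidence: int,
                reasons: list[str]) -> dict:
    """Shape a detection as a timestamped record suitable for an audit trail."""
    return {
        "detected_at": datetime.now(timezone.utc).isoformat(),
        "source": "ct_log",
        "candidate": entry["domain"],
        "first_seen": entry["seen_at"],
        "brand": brand,
        "confidence": confidence,
        "reasons": reasons,
        # Evidence checks the page lists; gathered by a later stage, not here.
        "evidence_pending": ["dns", "mx", "http", "screenshot"],
        "state": "new",
    }


def scan(entries: list[dict], brand: str, monitored: set[str],
         threshold: int = 40) -> list[dict]:
    """Score every CT entry, skipping the brand's own domains and subdomains."""
    alerts = []
    for entry in entries:
        domain = entry["domain"].lower()
        if any(domain == m or domain.endswith("." + m) for m in monitored):
            continue
        confidence, reasons = score_candidate(domain, brand)
        if confidence >= threshold:
            alerts.append(build_alert(entry, brand, confidence, reasons))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_CT_ENTRIES, BRAND, MONITORED):
        print(alert["confidence"], alert["candidate"], alert["reasons"])
```

On the constructed batch, the brand's own domain is skipped, example.org scores zero, and the remaining five entries become alerts with confidence between 60 and 90; each alert carries the detection timestamp and the CT first-seen time separately, which is what lets a reviewer show detection latency rather than just detection.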
CC7.2: System monitoring: ongoing operations
Hourly scans of monitored domains, continuous Certificate Transparency log monitoring, and daily ingestion of DMARC aggregate reports. The evidence pack includes a timestamped scan history, demonstrating continuous monitoring rather than snapshot scans. Type 2 audits test that a control operated throughout the review period, and the timestamped scan history shows exactly that.
CC7.3: System operations: incident detection & response
Per-alert triage workflow with one-click registrar abuse reporting via the Netcraft Report API, plus pre-filled reports and deep links for Google Safe Browsing, Microsoft SmartScreen, PhishTank, and Cloudflare's abuse forms. Each Netcraft submission and each manual confirmation for the other services is logged with actor, timestamp, and outcome. Auditors get end-to-end traceability from detection to disposition.
CC4.1: Operational logging
Every config change, alert state transition, and policy update is recorded in an audit log with timestamp, actor identity, source IP, and structured detail. The log has no editing or deletion UI; rows are written only by the audit middleware. The audit log itself is a SOC 2 deliverable.
CC2.1: Communication of security policies
Built-in playbooks (registrar abuse, UDRP filing, defensive registration, DMARC rollout) provide documented procedures your team can reference. Auditors verify that documented procedures exist; the playbooks are that documentation.
Sub-service organisations
PhishFence runs on Google Cloud Platform. Our sub-service organisation list:
- Google Cloud Platform. Compute, database, object storage. SOC 2 Type 2.
- Stripe. Payment processing. PCI DSS Level 1 + SOC 2 Type 2.
- Resend. Transactional email delivery. SOC 2 Type 2.
If your auditor needs the carve-out or inclusive method applied to these sub-service organisations, we can provide their SOC 2 reports on request.
Preparing for a SOC 2 audit?
Get continuous-monitoring evidence in place before your auditor's fieldwork. Sign up free; PhishFence starts producing audit evidence the moment you add your first domain.
PhishFence is not a CPA firm and does not perform SOC 2 audits. We provide the controls and evidence; your CPA firm renders the opinion. Mappings above describe how PhishFence outputs typically address SOC 2 Trust Services Criteria; your auditor's interpretation governs.