PhishFence for SOC 2
SOC 2 auditors look for continuous monitoring of phishing risk, anti-impersonation controls, and an audit trail that ties operator actions to outcomes. PhishFence addresses the relevant Trust Services Criteria with evidence you can produce for both Type 1 (control design at a point in time) and Type 2 (operating effectiveness over the review period) reports.
Trust Services Criteria mapping
CC6.6 — Logical access security: protection against threats from outside the system boundary
PhishFence detects lookalike domains targeting your brand within minutes of a new registration becoming visible in DNS, or of a certificate for the domain being logged to Certificate Transparency. Each detection carries a confidence score and the evidence behind it (DNS records, MX, live HTTP response, screenshot). Auditors use the alert log as evidence that brand-impersonation attempts originating outside your boundary are detected, not merely that a policy says they should be.
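The detection loop described above, as an added example (not PhishFence's code): generate lookalike candidates for a brand domain, match them against certificate SANs pulled from a CT log, and weight the enrichment evidence into a confidence score. The CT entries, the evidence weights and the homoglyph/TLD/keyword lists are all assumptions constructed for the example; a production monitor would use far longer lists and live DNS, MX and HTTP checks.

```python
"""Lookalike-domain detection: candidate generation, CT-log matching and
evidence-weighted confidence scoring (added example, not PhishFence code)."""

# Single-character substitutions that read like the original in a URL bar (assumed list).
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5"}
# TLDs checked beyond the brand's own (assumed short list; real monitors use hundreds).
TLDS = ("com", "net", "co", "io")
# Words attackers pad a brand with to make a phishing host look legitimate (assumed).
KEYWORDS = ("login", "secure", "verify")
# Evidence weights are assumed values; the page only says detections are scored.
WEIGHTS = {"dns_a": 0.20, "mx": 0.25, "http_live": 0.25, "brand_in_page": 0.30}


def candidates(domain: str) -> set[str]:
    """Return lookalike registrable names derived from `domain` (e.g. examplebank.com)."""
    name, _tld = domain.lower().rsplit(".", 1)
    labels = set()
    for i in range(len(name)):                       # character omission
        labels.add(name[:i] + name[i + 1:])
    for i in range(len(name) - 1):                   # adjacent transposition
        labels.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    for i, ch in enumerate(name):                    # homoglyph substitution
        if ch in HOMOGLYPHS:
            labels.add(name[:i] + HOMOGLYPHS[ch] + name[i + 1:])
    for kw in KEYWORDS:                              # keyword padding
        labels.add(f"{name}-{kw}")
        labels.add(f"{kw}-{name}")
    labels.add(name)                                 # exact label on another TLD
    out = {f"{label}.{t}" for label in labels for t in TLDS}
    out.discard(domain.lower())                      # never flag the brand itself
    return out


def confidence(evidence: dict[str, bool]) -> float:
    """Sum the weights of the evidence items observed for a domain (0.0 to 1.0)."""
    return round(sum(w for key, w in WEIGHTS.items() if evidence.get(key)), 2)


def normalise_san(san: str) -> str:
    """Strip a wildcard prefix so '*.foo.com' is compared as foo.com."""
    return san.lower().removeprefix("*.")


def detect(brand: str, ct_entries: list[dict], evidence: dict[str, dict]) -> list[dict]:
    """Match CT-log certificate SANs against lookalike candidates and score each hit."""
    wanted = candidates(brand)
    alerts: dict[str, dict] = {}
    for entry in ct_entries:
        for san in entry["sans"]:
            domain = normalise_san(san)
            if domain in wanted and domain not in alerts:   # one alert per domain
                alerts[domain] = {
                    "domain": domain,
                    "ct_index": entry["index"],
                    "confidence": confidence(evidence.get(domain, {})),
                }
    return sorted(alerts.values(), key=lambda a: -a["confidence"])


# Constructed sample input standing in for a CT-log poll and the enrichment checks.
SAMPLE_CT = [
    {"index": 1001, "sans": ["exampelbank.com", "www.exampelbank.com"]},  # transposition
    {"index": 1002, "sans": ["*.examp1ebank.co"]},                         # homoglyph + TLD
    {"index": 1003, "sans": ["unrelated.example"]},
]
SAMPLE_EVIDENCE = {
    "exampelbank.com": {"dns_a": True, "mx": True, "http_live": True, "brand_in_page": True},
    "examp1ebank.co": {"dns_a": True},
}

if __name__ == "__main__":
    for alert in detect("examplebank.com", SAMPLE_CT, SAMPLE_EVIDENCE):
        print(alert)
```

The score is deliberately evidence-driven rather than string-similarity-driven: a parked typosquat with no MX and no live site is low priority, while a domain with mail set up and a page echoing the brand name is an active phishing kit and sorts to the top of the triage queue.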
CC7.2 — System monitoring: detection of anomalies indicative of malicious activity
Monitored domains are scanned hourly, Certificate Transparency logs are watched continuously, and DMARC aggregate reports are ingested daily. The evidence pack includes the full scan history with timestamps, which demonstrates continuous monitoring rather than snapshot scans. A Type 2 report tests operating effectiveness across the whole review period, so the auditor samples from that timestamped history; because evidence starts on the day a domain is added, add your domains before the review period opens if the full period must be covered.
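The daily DMARC aggregate-report ingestion mentioned above, as an added example (not PhishFence's code). It parses a report in the RFC 7489 aggregate (RUA) XML schema, rolls up message counts per sending source, and flags sources where neither DKIM nor SPF aligned, which is exactly the spoofing signal an anti-impersonation control is looking for. The report body is constructed for the example and uses documentation IP ranges.

```python
"""DMARC aggregate (RUA) report ingestion (added example, not PhishFence code)."""
import xml.etree.ElementTree as ET

# Constructed RUA report in the RFC 7489 Appendix C schema; IPs are documentation ranges.
SAMPLE_RUA = """<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata>
    <org_name>mail-receiver.example</org_name>
    <report_id>8f3a2c</report_id>
    <date_range><begin>1700000000</begin><end>1700086399</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>examplebank.com</domain>
    <p>reject</p>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>203.0.113.10</source_ip>
      <count>42</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>examplebank.com</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip>
      <count>17</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>examplebank.com</header_from></identifiers>
  </record>
</feedback>
"""


def parse_rua(xml_text: str) -> dict:
    """Flatten one aggregate report into metadata plus one dict per <record>."""
    root = ET.fromstring(xml_text)
    report = {
        "org": root.findtext("report_metadata/org_name"),
        "report_id": root.findtext("report_metadata/report_id"),
        "begin": int(root.findtext("report_metadata/date_range/begin")),
        "end": int(root.findtext("report_metadata/date_range/end")),
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "rows": [],
    }
    for rec in root.iter("record"):
        row = rec.find("row")
        evaluated = row.find("policy_evaluated")
        report["rows"].append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "disposition": evaluated.findtext("disposition"),
            "dkim": evaluated.findtext("dkim"),      # aligned DKIM result
            "spf": evaluated.findtext("spf"),        # aligned SPF result
            "header_from": rec.findtext("identifiers/header_from"),
        })
    return report


def unauthenticated_sources(report: dict) -> list[dict]:
    """Rows where neither DKIM nor SPF aligned: a spoofer or an unauthorised sender."""
    return [r for r in report["rows"] if r["dkim"] == "fail" and r["spf"] == "fail"]


def summarise(report: dict) -> dict:
    """Per-report rollup suitable for a daily evidence line: totals and pass rate."""
    total = sum(r["count"] for r in report["rows"])
    # DMARC passes when either aligned identifier passes.
    passed = sum(r["count"] for r in report["rows"] if "pass" in (r["dkim"], r["spf"]))
    return {
        "domain": report["domain"],
        "policy": report["policy"],
        "total": total,
        "authenticated": passed,
        "pass_rate": round(passed / total, 3) if total else 0.0,
        "unauthenticated_sources": [r["source_ip"] for r in unauthenticated_sources(report)],
    }


if __name__ == "__main__":
    print(summarise(parse_rua(SAMPLE_RUA)))
```

In practice the daily job also has to unzip the report attachments, de-duplicate by (org, report_id), and join the source IPs against your known senders, so that a failing source that is actually your own misconfigured mailer is routed to a DMARC-rollout fix rather than a takedown.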
CC7.3 — System operations: evaluation of security events and response to incidents
Each alert has a triage workflow with one-click takedown actions (registrar abuse report, Google Safe Browsing submission, Cloudflare block). Every action is logged with actor, timestamp and outcome, so auditors get end-to-end traceability from detection through disposition.
CC4.1 — Monitoring activities: evidence that controls are present and functioning
Every configuration change, alert state transition, and policy update is recorded in an append-only audit log with timestamp, actor identity, source IP, and structured detail. The audit log is itself a SOC 2 deliverable: it is the population an auditor samples from to confirm that the controls above operated as described.
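What "append-only" has to mean for an auditor to rely on it, shown as an added example that is not PhishFence's implementation: each entry carries the fields listed above plus the hash of the previous entry, so editing, deleting or reordering a record breaks the chain and `verify()` reports the first bad index. Entry contents, actors and addresses are constructed for the example.

```python
"""Hash-chained append-only audit log with integrity verification
(added example, not PhishFence code)."""
import hashlib
import json

GENESIS_HASH = "0" * 64


def _digest(entry: dict) -> str:
    """SHA-256 over canonical JSON (sorted keys, no whitespace) of all fields except 'hash'."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self.entries: list[dict] = []

    def append(self, ts: str, actor: str, source_ip: str, event: str, detail: dict) -> str:
        """Record one event, chaining it to the previous entry's hash; returns the new hash."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        entry = {
            "seq": len(self.entries),
            "ts": ts,
            "actor": actor,
            "source_ip": source_ip,
            "event": event,
            "detail": detail,
            "prev_hash": prev,
        }
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> tuple[bool, int]:
        """Walk the chain; return (True, count) or (False, index of first bad entry)."""
        prev = GENESIS_HASH
        for i, entry in enumerate(self.entries):
            if entry["seq"] != i or entry["prev_hash"] != prev or _digest(entry) != entry["hash"]:
                return False, i
            prev = entry["hash"]
        return True, len(self.entries)


def build_sample_log() -> AuditLog:
    """Three constructed events: a policy update, an alert opening, and a triage transition."""
    log = AuditLog()
    log.append("2024-05-01T09:00:00Z", "alice@examplebank.com", "203.0.113.5",
               "policy.update", {"dmarc_policy": "quarantine"})
    log.append("2024-05-01T09:12:30Z", "system", "10.0.0.1",
               "alert.open", {"domain": "exampelbank.com", "confidence": 1.0})
    log.append("2024-05-01T09:40:02Z", "bob@examplebank.com", "203.0.113.6",
               "alert.transition", {"domain": "exampelbank.com", "from": "open",
                                    "to": "takedown_requested",
                                    "action": "registrar_abuse_report"})
    return log


def edit_in_place() -> tuple[bool, int]:
    """Silently changing a stored field: the entry's own hash no longer matches."""
    log = build_sample_log()
    log.entries[1]["detail"]["confidence"] = 0.1
    return log.verify()


def edit_and_rehash() -> tuple[bool, int]:
    """Recomputing the edited entry's hash just moves the break to the next entry's prev_hash."""
    log = build_sample_log()
    log.entries[1]["detail"]["confidence"] = 0.1
    log.entries[1]["hash"] = _digest(log.entries[1])
    return log.verify()


def delete_entry() -> tuple[bool, int]:
    """Removing a middle entry breaks both the sequence number and the chain."""
    log = build_sample_log()
    del log.entries[1]
    return log.verify()


if __name__ == "__main__":
    print("intact:", build_sample_log().verify())
    print("edited:", edit_in_place(), "rehashed:", edit_and_rehash(), "deleted:", delete_entry())
```

The chain only proves that nothing changed between two points an outsider can anchor; in deployment the head hash is periodically exported somewhere the log writer cannot reach (a customer-held copy, a separate store, or a signed timestamp), because an attacker who owns the log host can rewrite the whole chain consistently. Nothing here is a claim about how PhishFence's own log is protected.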
CC2.1 — Information to support the functioning of internal control
Built-in playbooks (registrar abuse, UDRP filing, defensive registration, DMARC rollout) give your team documented procedures to follow. Auditors verify that documented procedures exist and are used; the playbooks are that documentation, and the triage actions logged against them show use.
Sub-service organisations
PhishFence runs on Google Cloud Platform (Cloud Run, Cloud SQL, Cloud Storage). Our sub-service organisation list:
- Google Cloud Platform — compute, database, object storage. SOC 2 Type 2.
- Stripe — payment processing. PCI DSS Level 1 + SOC 2 Type 2.
- Resend — transactional email delivery. SOC 2 Type 2.
If your auditor needs the carve-out or inclusive treatment of these sub-service organisations documented, we can provide each provider's SOC 2 report on request.
Preparing for a SOC 2 audit?
Get continuous-monitoring evidence in place before your auditor's fieldwork. Sign up free; PhishFence starts producing audit evidence the moment you add your first domain.
PhishFence is not a CPA firm and does not perform SOC 2 audits. We provide the controls and evidence; your CPA firm renders the opinion. Mappings above describe how PhishFence outputs typically address SOC 2 Trust Services Criteria; your auditor's interpretation governs.