Picnic maintains effective security controls over its platform according to recent SOC 2 Type II report

Meeting all five Trust Service Principles (TSPs) along with HIPAA Security Rule Requirements, Picnic is set to deliver customer confidence in its first-of-its-kind enterprise-wide social engineering protection platform.

WASHINGTON, D.C. – March 24, 2022 – Picnic, the industry’s first social engineering prevention and detection platform, announced today that the company has undergone a System and Organization Controls (SOC) 2 Type II examination resulting in a CPA’s report stating that management of Picnic maintained effective controls over the security, availability, processing integrity, confidentiality, and privacy of its platform.

A SOC 2 Type II report is designed to meet the needs of existing or potential customers who need assurance about the effectiveness of controls used by the service organization to process customers’ information.

Picnic proactively protects people and companies from social engineering threats that get around traditional cybersecurity controls. The company’s platform does this by continuously monitoring the public data of organizations and their people from over 1,000 data sources, analyzing what data an attacker could use to create a social engineering scam, and then removing that data to prevent an attack. The technology works proactively, automatically, seamlessly, and continuously to protect individuals, their organizations, and their families.

“Until now, companies have struggled with balancing data security and privacy. At Picnic, we provide security through privacy. Since our platform delivers unprecedented insights into an organization’s data vulnerabilities, it is important for our clients to know that we do this with integrity and with no compromises when it comes to keeping people’s personal info secure,” said Picnic CEO Matt Polak. “We are pleased that our SOC 2 Type II report has shown we have effective controls in place to mitigate risks and ensure customer confidence.”

The following principles and related criteria have been developed by the American Institute of CPAs (AICPA) for use by practitioners in the performance of trust services engagements:

  • Security: The system is protected against unauthorized access (both physical and logical).
  • Availability: The system is available for operation and use as committed or agreed.
  • Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.
  • HIPAA Security Rule Requirements: The system is compliant with the applicable HIPAA Security Rule requirements set forth in the U.S. Department of Health and Human Services’ (HHS) Health Information Portability and Accountability Act.

A SOC 2 Type II report is an internal control report on the services provided by a service organization to its customers and provides valuable information that existing and potential customers of the service organization need to assess and address the risks associated with an outsourced service. The engagement was performed by BARR Advisory, P.A.

About Picnic
Picnic Corporation is an innovative cybersecurity firm that provides enterprises with the capability to manage their external human attack surface and to detect, prevent, and protect against social engineering attacks. Picnic’s platform automatically emulates threat actor reconnaissance on the public data footprint of an organization and its people for defensive purposes. Our technology continuously monitors and reduces company and employee OSINT exposure, commonly leveraged for social engineering and initial access, preemptively disrupts attacker reconnaissance and resource development, and proactively neutralizes human risk beyond the corporate perimeter to prevent organizational compromise. For more information, contact Picnic at [email protected], visit us at getpicnic.com, and follow us on Twitter and LinkedIn.

For media inquiries, contact us at: [email protected]
Copyright © 2023 Picnic Corporation

Scroll to Top