Share SOC2 report

What do you love about LastPass? What do you hate about it? Tell us why you like it, why you don't, and why.

Moderators: admin, anatoly_LP, chantieLP, JoeSiegrist, robyn

Share SOC2 report

Postby j360 » Thu Nov 24, 2016 4:30 am

As mentioned in the recently (November 22, 2016) blog, LastPass has "achieved" SOC2. As stated: "The SOC 2 audit is a detailed review of the controls and processes in place to ensure our products and systems are secure and reliable". However in the blog post the outcomes/evaluations are not included. As client of Lastpass I am interested in the outcomes of the SOC2 report.
Is there a possibility to share these outcomes? Thank you.
Posts: 1
Joined: Thu Nov 24, 2016 4:15 am

Re: Share SOC2 report

Postby mike808137 » Sat Nov 26, 2016 11:51 am

Seconded. Even if it is on request, the process (and criteria) for obtaining LastPass' most recent SOC2 (they are annual certifications of conducting a review) should be published somewhere. The cover letter from the auditing firm may be sufficient for some (i.e. date of SOC2 issuance and the auditing firm).

j360, keep in mind that the SOC2 is an audit certification, not a compliance certification. It's a bit like your CPA confirming that you have a process for filing your taxes, and that you have completed that process. Such a statement "certified" by your CPA says nothing about what exemptions you took to avoid paying taxes or your income.
Posts: 266
Joined: Tue Feb 24, 2015 12:04 pm

Re: Share SOC2 report

Postby jpenny84 » Sat Nov 26, 2016 12:57 pm

It used to be SAS 70, but I guess the AICPA broke it up a while ago into SASE 16 and the SOC stuff. SASE 16/SOC are internal control audits. Say you had a data center which had a publicly traded company as a client, and they stored confidential data there. The publicly traded company will want this data center to meet SASE 16/SOC standards for their own internal control requirements.
Posts: 7862
Joined: Tue Mar 06, 2012 9:10 pm

Re: Share SOC2 report

Postby EswarVandanapu » Thu Feb 16, 2017 2:09 pm

We would like this report as well. What is the process to get the report? Generally it requires an NDA to be signed before report can be given out. If it can be made available online through the Admin Console, it is even better.
Posts: 1
Joined: Thu Mar 31, 2016 5:35 pm

Return to Feedback

Who is online

Users browsing this forum: No registered users and 15 guests