December 16, 2022 PyUp Cybersecurity Issued Clean SOC 2 Audit

PyUp Cybersecurity's platform and security practices were audited with zero exceptions

VANCOUVER, BC - December 16, 2022 - PyUp Cybersecurity, the leader in Python dependency security scanning and compliance, has successfully completed a System and Organization Controls (SOC) 2 Type I audit. PyUp's SOC 2 Type I report did not have any noted exceptions and therefore was issued with a "clean" audit opinion.

"Security and compliance have always been a critical part of our organization," said Justin Womersley, CEO of PyUp Cybersecurity. "This clean SOC 2 audit is an important step for PyUp. It confirms our existing commitment to security and accountability and provides even more assurance to our customers and partners that their data is being handled with the utmost care and protection."

Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 information security standard is an audit report on the examination of controls relevant to the trust services criteria categories covering security, availability, processing integrity, confidentiality, and privacy. A SOC 2 audit is performed by an accredited CPA firm and verifies that all the necessary safeguards are in place to protect customer data and that the safeguards are operational. PyUp's audit was performed by Sensiba San Filippo, LLP (SSF), in partnership with the Drata compliance monitoring platform. 

A SOC 2 Type I report describes a service organization's systems and whether the design of specified controls meets the relevant trust services categories at a point in time. PyUp's SOC 2 Type I report did not have any noted exceptions and therefore was issued a "clean" audit opinion from SSF. PyUp will now start the SOC 2 Type II audit, which will confirm the same adherence to security and compliance measures over a period of time, and expects this report by Q2 2023.

About PyUp Cybersecurity

PyUp Cybersecurity specializes in Python dependency security and is used by thousands of teams to secure their Python environments. PyUp's cybersecurity intelligence team tracks signals in public source control data, and manually confirms the details of every new CVE, resulting in the most comprehensive and accurate Python vulnerability database. PyUp provides data, products and expertise to Fortune 500 companies, federal agencies, financial services institutions, telecom providers, hospitals, and other cybersecurity companies.

PyUp Cybersecurity's open-source tools and data, such as the Safety CLI scanning tool, are used by millions of developers each month and power the scanning functionality of foundational open-source projects such as PyPA's Pipenv and Red Hat's Clair.

Media Contact

Tristan Laurillard - Head of Operations
media@pyup.io