Testpad is now SOC 2 Type 2 certified


Testpad now has SOC 2 Type 2 certification, which verifies our security controls work consistently over time. It’s the next step following our earlier Type 1 certification.

By Pheobe

January 26, 2026

You may remember us announcing our SOC 2 Type 1 certification which verified our security controls were in place and working. Type 2 simply extends that verification over a longer monitoring period. Prescient Assurance audited our security practices over several months and confirmed everything works reliably – access management, vulnerability handling, infrastructure maintenance, incident response. Your data has been protected by these controls all along; Type 2 just documents it.

What's the difference between Type 1 and Type 2?

Type 1 examines your security controls at a single point in time and confirms they're properly designed and working on audit day. Type 2 examines both the design and the ongoing performance of those controls over an extended period. Essentially, auditors assessed whether our controls work in practice.

What this means for you

It means that your data has been protected by our controls all along. Type 2 is independent verification that our security processes work consistently over time. If your company requires vendor security certifications, Type 2 gives you that verification.

Beyond the certification

SOC 2 Type 2 is a significant certification, but security doesn't stop here. We manage security with a layered approach that reflects our Software as a Service (SaaS) framework.

We use highly respected cloud-service providers to manage data and provide our service – primarily AWS for infrastructure. We've implemented regular automated vulnerability scans, annual penetration tests, and regular software updates. Our SOC 2 Type 2 certification provides third-party verification that these security processes work consistently.

We're continuing to:

  • Monitor systems proactively for potential issues
  • Keep infrastructure updated and patched
  • Review access controls regularly
  • Respond quickly to incidents
  • Improve processes based on what we learn

You can see our full security approach on our Security page, including details on encryption, access controls, vulnerability management, and incident response.

What's next

We'll maintain Type 2 certification through annual audits. SOC 2 reports are valid for 12 months, so we'll undergo a new audit each year to verify our security controls continue operating effectively.

Have questions about our SOC 2 Type 2 certification or want to discuss our security practices? Email us at support@testpad.com – we’re always happy to chat.
