LastPass Earns SOC 2 Type II Attestation!

Laptop with LastPass vault

In November 2016, we were proud to share the news that LastPass passed our  SOC 2 Type I audit with flying colors. Today, we’re thrilled to announce that in late 2017, we achieved SOC 2 Type II compliance!

What’s SOC, you ask? It stands for “Service Organization Controls”, and SOC 2 reports are the software industry’s gold standard for evaluating internal controls that protect the security, confidentiality, integrity, availability and privacy of the information with which our customers entrust us. They’re a pretty big deal, and they’re important to you.

A SOC 2 Type I report is a point in time assessment of a company’s systems, how management describes them, and what controls are in place to support them. It’s an expert and widely respected review of how systems and procedures are designed. A SOC 2 Type II report goes the extra mile – it evaluates, over many months, whether those systems and procedures operate effectively.

It’s a rigorous process, reviewed annually, and we think you’re worth it. It’s proof positive that the 33,000 businesses using LastPass to safeguard passwords and manage employee authentication have placed their trust in a company committed to security and privacy.


Deborah (Deb) Ferrazano recently joined LogMeIn as Security Engagement Manager, responsible for promoting security awareness and best practices to help employees (and their families, friends, our customers, and random folk she meets on the train or in the grocery store) protect their sensitive information and identity in this very connected world. She may be relatively new to the company, but she’s a longtime user and devotee of LastPass!