Skip to content

Get Certified

Common Defense scores your security against a fixed pass-or-fail checklist across six areas. A customer, partner, or investor receives one clear result they can act on rather than a report they must interpret.

SOC 2 and Common Defense

Common Defense certification sits alongside your SOC 2. SOC 2 attests that your controls exist and operate. It wasn't designed to tell a buyer whether an attacker can reach your keys, treasury, or model weights. That's what we certify.

SOC 2Common Defense
Scope set byYou, per auditA fixed checklist, same for everyone
MeasuresWhether controls exist and get followedWhether the assets attackers want are hard
CoversGovernance, availability, processKeys, model weights, treasury, comms
OutputA report with exceptionsA pass or a fail

A buyer’s security team can’t see your posture, so they slow the deal. Certification gives them a fixed-checklist result, pass or fail, that answers the question without a back-and-forth.

The six areas we score

We certify across the six areas that decide whether an operation holds under attack: data protection, IP and model-asset protection, identity and access, DevOps and supply-chain integrity, endpoint and ransomware resilience, and communications. Each maps to a way real companies get breached.

How the score works

Every area is judged against concrete criteria, so a pass means the same thing for every company. There is no partial credit and no “medium” finding to interpret. Where you fall short, you get a specific plan to close the gap and re-certify. As your systems and team change, we re-score, so the result reflects where you stand today.

What a pass gets you

A pass is a signal your buyers can act on. It shortcuts the security questionnaire, gives a partner’s procurement team a clear answer, and tells an investor’s diligence that the controls behind your product hold. That is assurance you can put in a data room, not a posture you have to explain. And because the bar is external and identical for every company, the result carries weight your own security page never could.

How we help

A fixed standard

Six certifiable areas, each scored against concrete criteria, so a pass means the same thing every time.

Clarity for buyers

A pass against a known bar tells a partner what they need to know, with no wading through "medium" findings.

A path to the pass

Where you fall short, you get a concrete plan to close the gap and re-certify.

Stays current

Certification keeps up with you. We re-score as your systems and team change, so a pass reflects where you stand today.

Close every gap before it becomes an incident.

Get Protected