Audit-ready, all year.
When an auditor, a customer questionnaire, or your cyber-insurer demands a penetration test, Rift delivers a report that satisfies the requirement — with an attestation letter and a full evidence trail, on the cadence your framework needs.
One test, mapped to your obligations
Rift's reports speak the language your auditor expects — here's what each framework asks for and how we satisfy it.
SOC 2 Type II
Independent pentest evidence for the CC-series controls, with an attestation letter your auditor can attach directly.
ISO 27001
Technical vulnerability assessment evidence supporting A.12.6 and the Statement of Applicability.
GDPR
Article 32 evidence of 'regular testing of technical measures' for systems processing EU personal data.
HIPAA
Technical evaluation evidence for the Security Rule, with PHI-safe, non-destructive testing.
Cyber insurance
The proactive testing evidence underwriters increasingly require to bind or renew a policy.
Customer questionnaires
Answers the pentest sections of SIG, CAIQ, and bespoke vendor security reviews — fast.
Annual is the floor, not the ceiling
A yearly test checks the box. Continuous coverage means the box stays checked — and you never discover a regression the week before an audit.
- ✓ Annual: two scheduled tests + attestation letter
- ✓ Continuous: re-tested on every deploy, always current
- ✓ Either way: the same verified, exploit-backed evidence
- ✓ Reports formatted for auditors, not just engineers
Auditors & vCISOs
If you recommend pentest vendors to your clients, Rift's per-asset and per-size pricing is easy to scope, protects your margin, and scales cleanly across a book of business.
Stop scrambling before every audit.
Whether you need a one-off for an upcoming deadline or continuous coverage, get early access and we'll reach out the moment Rift is ready.