Skip to content

Frederick, MD. – May 30, 2019 – Fugue, the company delivering autonomous cloud infrastructure security and compliance, today announced the addition of SOC 2 and ISO 27001 to its SaaS solution’s growing list of out-of-the-box compliance standards. Organizations can now use Fugue to demonstrate continuous compliance with a wide range of industry regulations and standards including HIPAA, GDPR, NIST 800-53, AWS CIS Benchmark, PCI, and now SOC 2 and ISO 27001 across their entire cloud computing footprint.

The American Institute of Certified Public Accountants (AICPA) developed SOC 2 as an auditing standard for service providers that store customer data in the cloud to ensure that controls and systems adequately address the security, availability, processing, integrity, and confidentiality of customer data. The ISO 27001 standard includes requirements for establishing information security systems and controls.

“What makes achieving SOC 2 compliance especially difficult is that unlike many other regulations or standards that set universal requirements, a SOC 2 report is unique to an organization,” said Fugue CEO Phillip Merrick. “That requires each company to design its own controls to comply with one more more of the ‘five trust principles’ and demonstrate compliance to internal and outside auditors. Our customers have asked for our help, and we’re pleased to deliver SOC 2 and ISO 27001 compliance as part of our comprehensive cloud compliance capabilities.”

Security and compliance teams leverage Fugue to establish known-good baselines in order to identify any “drift” from that baseline, and report on policy violations when they occur. When Fugue detects a drift event, it immediately and automatically reverts back to the established baseline with self-healing infrastructure to protect against a data breach. Fugue also provides a complete record of cloud infrastructure change that users can “rewind” and view to understand exactly what happened in that specific environment, and track and understand changes to cloud environments over time.

“Fugue is a great product that’s helping us transform how we meet our compliance requirements,” said James Sipe, Vice President of Compliance and IT Security at SparkPost. “Fugue was easy to adopt, and we quickly had a complete picture of our cloud compliance posture, and it helps us ensure everything stays compliant.”


SOC 2 and ISO 27001 compliance capabilities are available now to all Fugue customers. For more information, visit

About Fugue

Fugue ensures that cloud infrastructure stays in continuous compliance with enterprise security policies. It identifies security risks and compliance violations, uses baselining to detect drift and protect critical resources with self-healing infrastructure, and enables a shift left on security and compliance. Fugue automates continuous compliance audits and reporting with out-of-the-box frameworks for the CIS AWS Foundations Benchmark, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, and SOC 2. Organizations such as PBS, SAP NS2, and TrueCar trust Fugue to protect their cloud environments. Fugue’s investors include New Enterprise Associates, Future Fund, Maryland Venture Fund, In-Q-Tel (IQT), and Core Capital Partners. Fugue is an AWS Advanced Technology Partner and a Launch Partner in the AWS Cloud Management Tools Competency Program in the Governance category. Fugue was named a CyberSecurity Breakthrough Award winner in the IaaS category and a Gartner Cool Vendor in Cloud Computing. To learn more about Fugue, visit

Media Contact:

Rachel Kaseroff


Fugue Developer

Free Cloud Security for Engineers

  • Visualize your cloud infrastructure
  • Run policy checks and get feedback
  • Detect change and eliminate misconfiguration