SOC 2

What is SOC 2 Compliance?

SOC 2 is an attestation report assessing your company’s general information technology controls covering 5 trust services criteria: security, confidentiality, privacy, availability, and processing integrity.

Is this your first SOC 2 audit?

Start with our auditor-proven audit preparation services!

We will identify your risks & control gaps, present recommendations, provide audit tips & tricks, and remediate your issues prior to your SOC 2 audit.

SOC 2 Benefits

  • No gaps. No worries. No stress.
  • Protects your company & client data.
  • Builds trust with investors, clients & executives.
  • Close that deal and win that business.

Frequently Asked Questions

Is SOC 2 required?

No. However, customers or investors typically request it as proof that your financial data is protected and secured.

Can ComplySAM handle it all?

Yes! In fact, we can create the entire report, fill gaps, and ship it off to an audit partner on your behalf.

What is the difference between Type 1 and Type 2?

Type 1 covers the design of your security program, with proven policies and a sample of 1.

Type 2 covers a period of time (the goal is to audit 1 year of data), with sample-based testing that proves your policies and security controls are in place.

How often do I need a SOC 2 audit?

Every year.

Does SOC 2 overlap with other compliance?

Yes! All the IT processes and company-wide controls, such as HR, will overlap with HIPAA, ISO 27001, and PCI.

Do I need Type 1 or Type 2?

It depends on the client requirement and contract terms. Typically, if it is your first audit, Type 1 will be accepted for the first year. Your goal is Type 2, for which the observation starts immediately after the Type 1 issuance.