12 docs tagged with "SOC2"

There are quite a few auditing principles and concepts that might seem foreign to management or perhaps even an inexperienced service auditor.

Testing will occur for different criteria and controls that have been implemented by the service organization. For example the testing and evidence for availability will be different than that of privacy.

Your SOC 2 is only valid for a year after your audit. If you’re behind on renewing your SOC 2 report and it falls past the date in which it’s valid, you may need a SOC 2 bridge letter. In this guide, we’ll explain what a SOC 2 bridge letter is and the role it plays in maintaining trust with your customers as you renew your report.

Guide to conducting a SOC 2 audit including communication strategies, audit procedures, documentation requirements, and best practices for successful compliance attestation

No, a SOC 2 is not legally required by any organization. However, your customer may require you to obtain one in order to do business with you.

Open-source compliance automation platform for managing security, risk, and regulatory requirements. Streamline SOC 2, ISO 27001, NIST, GDPR, and HIPAA compliance.

Comprehensive guide to compliance standards including SOC 2, ISO 27001, NIST, GDPR, HIPAA, and PCI-DSS for managing organizational compliance

The below diagram does not depict all processes in an audit however it provides you with a high-level overview of what high level steps are involved in going through a SOC2 audit. Every auditing firm, consultant, and lead implementer will have its own processes and techniques for completing the audit.

There are three documents you’ll need for your SOC 2 audit: a management assertion, a system description, and a controls matrix.

Passwords and MFA

Comprehensive guide to SOC 2 compliance including Trust Services Criteria, AICPA framework, implementation timeline, costs, and audit requirements for service organizations

You should always refer to the published standard for details regarding the prescribed controls or implementation guidance. At the time of writing, the most current SOC 2 version is the 2017 with revised points of focus 2022. However, the below tables provide a high-level overview of the common criteria for each Trust Services Criteria (TSC) and the points of focus that should be used as guidance for convenience and easier readability.