Security and privacy compliance can be complicated, filled with their own entire dictionary of terms, and and the processes involved for each offer their own unique challenges. Service Organization Control 2, better known as SOC 2, reports on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.
Although the American Institute of CPAs or AICPA is the source of truth related to the topic, we are bringing the information down to earth so that everyone can fully understand the core concepts. With this in mind, we are excited to share with you season one of our SOC 2 primer course that walks you through the basics. If you have any questions along the way, don’t hesitate to create a new discussion post in the SOC 2 area of the community.
-
What even is a SOC report?
-
What is SOC 2 and why is it important?
-
Who conducts the audit (CPA)?
-
How long does the process take (T1 and T2)?
-
How much does the process cost?
Episode 2: The Different SOC Reports
-
What are the differences between SOC 1, 2, 3?
-
How do I choose the right report and based on their intended uses?
-
At a high level, why is SOC 2 for security the baseline and why you may add in the other areas?
Episode 3: Looking Inside a SOC 2 Report
-
What do you usually see in a SOC 2 report?
-
Does a report say if I pass or fail?
-
What does it mean to receive a SOC 2 report? Is it a certification?
Episode 4: How a SOC 2 Report Provides Value
- What is the impact on having a SOC report in the sales process?
- Does SOC 2 help establish trust?
- What are some common use cases or scenarios where companies are asked for a SOC report?
Episode 5: Preparing for the SOC 2 Process
-
Who is involved with the process?
-
What resources you need (team members, time)?
-
What tools/documentation are required?