SOC2 Certification

Win more business with a SOC2 certification


What is SOC2 compliance?

System and Organization Controls 2 (SOC 2) is an audit procedure applicable to all technology service or SaaS companies that collect and store customer data in the cloud. It is designed to ensure that a company’s organizational security controls and practices can effectively safeguard the privacy and security of client data. SOC 2 is often the first compliance standard that SaaS companies choose to comply with and has become the de facto standard of choice for many customers assessing the security of their SaaS suppliers.

Who needs to be SOC2 compliant?

As a service provider, your clients rely on you to protect their valuable data. Increasingly, businesses choose to work with providers who can prove their ability to handle data securely. Be SOC2 compliant – unlock your business potential and give reassurance to your clients and prospects.

Rapid deployment

SOC2 Type I

Determines whether controls are designed properly

SOC2 Type II

Determines whether controls function as intended

SOC2 Trust Principles

Security: Information and systems are protected against unauthorized access, disclosure, and damage that could affect the entity’s ability to meet its objectives.

Availability: Information and systems are available for operation and use to meet the entity’s objectives.

Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.

Confidentiality: Information designated as confidential is protected to meet the entity’s objectives.

Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.

What are the Common Criteria?

Why SOC2?

Broadly accepted

Provides a competitive edge

Improves information security practices

Ensures sensitive information is protected

Protects organization from negative effects of breaches

Graduated approach

“ gives us peace of mind as our trusted advisor. They are responsive and provide advice quickly when needed.”

– Hieg Khatcherian, Chief Information Security Officer, Thrive Health

Achieving SOC2 with is a certified service partner of Vanta. and Vanta work together to provide our clients with value beyond compliance. With cybersecurity, compliance and data privacy expertise, combined with Vanta’s best-in-class technology, you can quickly achieve your security compliance goals at a lower cost, proving trust and driving growth.

Typical SOC2 Process

Preparation for audit

Typically 3-12 months, depending on maturity and needed pace

Type I audit

Typically runs for a month; the first “point in time” certification

Type II audit

Typically the first audit runs 6-12 months after completion of the Type I

Annual audits

Once the initial audit is complete, additional audits will run every 12-18 months to prove recent compliance


Frequently asked questions

When going through a SOC2 audit, it is important that your teams are prepared in order to avoid delays in the assessment and additional assessment costs. To achieve SOC2 compliance, take the following steps to prepare for a SOC2 audit:

  • Implement all applicable administrative policies and internal controls
  • Perform a SOC2 readiness assessment
  • Collect all policies, security documentation, and agreements with vendors and contractors

To maintain SOC2 compliance, organizations should perform a SOC2 audit before the current report passes its effective coverage period. Typically, organizations go through a SOC2 audit annually to keep their SOC2 Type II report current.

This means that organizations must keep all SOC2 internal controls in place to pass future audits. You will want to ensure that administrative policies are current and that security controls continue to stay in place and are applied to newly created infrastructure and resources.