A SOC 2 audit is an audit of a service organization’s non-financial controls as they relate to a specific set of criteria. Like a SOC 1, SOC 2 audit standards fall under the AICPA’s Statements of Attestation Standards 18, but they are specifically addressed in sections AT-C 105 and AT-C 205. The service organization’s controls covered by the report are those outlined by the AICPA’s Trust Service Criteria (TSC) that are relevant to its services, operations, and compliance. There are 5 Trust Service Categories that can be in the scope of a SOC 2 report: Security, Availability, Processing Integrity, Confidentiality, and Privacy. The Security criterion, also referred to as the common criteria, is the only criterion that must be included in your SOC 2. The other 4 criteria can be scoped in or out based on their applicability and/or what is being asked for by your stakeholders, customers, prospects, etc.
DDS specializes in providing SOC 2 services to SaaS companies. We understand that the idea of needing a SOC 2 is initially intimidating. You may be concerned about cost, confused about which controls are “must-haves” versus “nice-to-haves”, or worried about the hidden cost of your time commitment while you are likely in growth mode. We have positioned ourselves to make this process as minimally intrusive as possible on your internal resources. We have spent countless hours working to streamline this process through the following initiatives:
- We have partnered with a SaaS company that assists with SOC readiness. Our partner has built a platform that walks you through what controls should be in place to be SOC 2 ready, continuously monitors most of your controls through integrations with your current tech stack, helps generate or update your policies and procedures, and much more. This greatly reduces the time burden on you and your resources and provides a great level of clarity throughout the process. We have positioned our combined pricing with our readiness partner so that the combined price you pay is minimally different from what our pricing would be without them. The end result is a simpler process, less time spent on your end, and a quicker path to the final product.
- We have built out a customized audit program specific to our readiness partner’s platform. This takes hundreds of questions that would otherwise need frequent Zoom meetings, calls, and emails and streamlines the process so that we only need to discuss a handful of items that we cover outside of our partner’s platform.
- We have created dozens of proprietary documents that assist you with generating best-in-class policies and procedures.
- Many others that we are eager to discuss with you on a follow-up call.