How Much Does SOC 2 Cost | A Guide Budgeting For SOC 2

Before our first SOC 2 Type 1 audit, I assumed you pay an auditor, they come in, make a few suggestions on how to improve, and sign off. It might take a few months, but the total cost would be some distraction plus the auditor's fee. That could not be farther from the truth. If you want to skip ahead to the hard numbers, our estimate is $147,000 all-in (download the breakdown here). The breakdown takes into account lost productivity, build vs buy decisions for new tools, and security training. It's a huge undertaking that involves senior representatives from almost every team, including HR, Legal, Engineering, Sales, Customer Support and more. If you try to carry the entire burden yourself without involving other teams, you're wasting your time and will fail the audit. No one person can complete SOC 2 certification. They won't have the domain expertise


Why We Built Comply | Free SOC 2 Policy Templates

strongDM founders introduce Comply, an open source project for SOC 2 compliance

SOC 2 can be a daunting process. Policies are subjective; auditors avoid providing much guidance; advice on the internet is incomplete or vague. We decided to create Comply, an open source collection of policy templates that includes best practices. We hope it reduces the stress of SOC 2 and points fellow startups in the right direction. SOC 2 involves every team in the company -- including many that don’t report to you. You need to inventory your existing tools and infrastructure, research best practices, define policies and procedures for your teams, build consensus, and ultimately persuade every team to adopt them. The process is inevitably accompanied by acute time pressure: a major Q4 deal, an impending IPO, or a life-changing partnership that depends on successfully completing your audit. Our team recently went through another SOC 2 audit and decided this time around we'd like to share some of our lessons learned. We compiled
