Learn How To Prepare For Your First SOC 2 type 1 Audit

Step-by-step instructions to build your team, create a project timeline, write policies and prepare for auditors. Oh, and it's 100% free. We wrote this to make the process less painful for fellow startups.

Phase I: Research

Learn what to expect

SOC2 compliance can be an intimidating process. Step one is understanding what you’re getting yourself into. Read this section in order to learn what to expect from a time, team and budget perspective.

Free eBook: Everything I Wish I'd Known Before Starting SOC 2
Phase II: Project management

Build your team, delegate tasks, define deadlines

It’s time to start your SOC 2 prep. Step two is to gathering your team, tools, and timeline to understand what’s missing and evaluate build vs buy options.

Phase III: Write Policies

Incorporate best practices

Step three is to actually write your SOC 2 policies. This is the heavy lifting portion. Luckily we have done the hard work of researching best practices so you don’t have to. Read our cheat sheet for each policy then download our open source SOC 2 templates.

Phase IV: Audit

Prepare for On-site Auditors

You’ve done the hard work to define policies. Now you need to prove they’re complete and enforced. Make sure everyone on your SOC 2 team is available to answer auditors’ questions. Be ready to collect logs, example documentation (ex: onboarding), and evidence that each policy is actually enforced.

“The effort to achieve SOC2 without strongDM would have been monumental from a cost & labor perspective.”

Michael DaSilva

Infrastructure Security Manager, Yext

Trusted by some Great Companies, just like yours


See How strongDM Speeds Up Evidence Collection