What Is SOC 2 Type 2 | A Guide To Complete Your First Type 2 Audit

There are several different levels of SOC (Service Organization Control) reports and types, so it is easy to get them confused. A SOC 2 Type 1 report looks at an organization’s controls at a point in time concerning its clients’ financial reporting. The SOC 2 Type 2 report measures those same controls over a more extended period. SOC 2 Type 1 builds on the reporting basis of SOC 1 but

Read more

How To Speed Up A SOC 2 Report | A Guide To Narrow SOC 2 Scope

Woman seated at laptop sharing advice on how to speed up a SOC 2 report

One of the most critical steps is selecting members to lead the initiative. Many organizations start planning for SOC 2 thinking they can delegate responsibilities solely to members of the IT and information security staff. And although members of those teams will play a big part in the process, your core SOC 2 team will also include HR, legal and other business units as well. This blog will help you understand your core SOC 2 team and how to build it.

Read more

SOC2 Team | Learn To Define Roles & Responsibilities

One of the most critical steps is selecting members to lead the initiative. Many organizations start planning for SOC 2 thinking they can delegate responsibilities solely to members of the IT and information security staff. And although members of those teams will play a big part in the process, your core SOC 2 team will also include HR, legal and other business units as well. This blog will help you understand your core SOC 2 team and how to build it.

Read more

What is SOC 2 Compliance | A Guide To Prepare For Your First Audit

If you sell software to businesses, clients will probably start asking if you're SOC 2 compliant? Why? Because it's a convenient way to confirm you have *some* maturity around security best practices. What SOC 2 is not! You should not confuse SOC 2 compliance for actual security best practices. Although it covers the core departments and processes that interact with sensitive data, it does not stipulate standards. It merely confirms

Read more

SOC 2 Type 1 Guide | Everything You Need To Know

Cover illustration for Guide explaining SOC 2 Type 1

The first time I went through SOC2 I wasted way way too many hours on Google trying to figure out best practices. It drove my nuts how much was written without actually telling me anything actionable. Why wasn't there a simple summary to understand: How long will a SOC 2 Type 1 audit take? How much will SOC 2 Type 1 cost? What are best practices for each policy? Two

Read more

Why We Built Comply | Free SOC 2 Policy Templates

strongDM Founders introduce Comply an open source project for SOC 2 compliance

SOC 2 can be a daunting process. Policies are subjective; auditors avoid providing much guidance; advice on the internet is incomplete or vague. We decided to create Comply, an open source collection of policy templates that includes best practices. We hope it reduces the stress of SOC 2 and points fellow startups in the right direction. SOC 2 involves every team in the company -- including many which don’t report

Read more