SOC 2 Checklist – Week by Week

What does a weekly project plan and checklist look like for SOC 2 readiness? How do you prioritize practically? What are the key tasks I need to accomplish each week? 

Topics in this webinar include:

  • SOC 2 Checklist
  • 12-week readiness project plan
  • Key tasks prioritized weekly
  • Visual overview of the readiness process
  • Healthy readiness expectations

SOC 2 – Incident Response

What are the SOC 2 expectations for incident response? What do auditors look for? How does incident response interact with change control and risk management? What are some examples?

Topics in this webinar include:

  • The core components of compliant incident response
  • The critical ties to change control and risk management
  • Real world examples
  • Get inside your auditor’s head

SOC 2 : A Tactical Approach Webinar

So you have been working on readiness; now what? How do I know I am ready for an audit? What kind of evidence do I need? What, exactly, will an auditor be asking for?  

Topics in this webinar include:

  • What evidence do you need to collect in advance
  • Who in your organization needs to be ready
  • What effective compliance management looks like
  • Get inside your auditor’s head

SOC 2 – Human Resources Management

What do I need to know before the auditor shows up? Why does SOC 2 care about HR policy and practices and what are the relevant HR requirements? How do I incorporate the requirements over external parties and communications? Even more germane, how do I properly document for the audit?

Topics in this webinar include:

  • The relevant SOC 2 criteria impacting human resource management
  • The HR requirements that apply to customers, vendors, and communications
  • How to create auditable evidence
  • Get inside the head of a SOC 2 auditor

SOC 2 Vendor Management Webinar

In this webinar we team up with Blissfully, a SaaS management company that recently completed their own SOC 2 Type II.

What are the SOC 2 criteria for Vendor Management? What’s required to properly assess my vendor’s security? What will my SOC 2 auditor expect to see? What are the best practices others are using?

Topics in this webinar include:

  • Why vendor management is critical
  • What it means for SOC 2
  • How to leverage software
  • War stories from a recent audit
  • Sample vendor management audit questions

Whitepaper: How to Talk About SOC 2 Before You’ve Done It

SOC 2 is a phrase that can strike fear and confusion into startups and small businesses, but there’s an easy way to talk about and respond to SOC 2 requests long before you undergo the time and expense of a formal SOC audit.

Most startups and SMBs first encounter the term “SOC 2” during the sales process when a customer asks if you are “SOC 2 compliant” or have a “SOC 2 certification.” In many cases, the customer or prospect doesn’t even know what SOC 2 really is, or what goes into a SOC 2 audit. They’ve just been told by their compliance director or security officer (or the pundit at an industry conference or webinar) that all vendors must “be SOC 2” to do business with their company. SOC 2 is as much a buzzword to many companies as it is an actual policy.

You can win SOC 2-contingent business by showing you understand the point of SOC 2, and that you can deliver SOC 2-style reliability even before you obtain formal compliance. The trick is understanding SOC 2 first.

SOC 2 Prioritization Webinar

One of the most important aspects of a SOC 2 readiness project is ensuring that the right steps are prioritized. The requirements are numerous and SOC 2 newbies often struggle in determining what to tackle first. After years of experience we’ve developed a preparation approach that will guide you to doing the right things at the right time.

In this webinar we cover the key processes that should be the focus of your first few weeks of SOC 2 preparation. We look at the business processes that occur most frequently as well as approaches to mitigate security risks early. Too often organizations get caught up in checking the boxes trying to be “compliant” and fail to step back and address true security risks.

Topics in this webinar include:

  • The SOC 2 Timeline
  • Change Management Requirements
  • HR Requirements
  • Vulnerability Management Requirements
  • Risk Management Requirements
  • Conducting a SOC 2 Gap Analysis

The webinar was recorded in April 2018 and we’ve made it available for download by filling out the form below.

Our cloud provider already has a SOC 2 and other certifications, do we still need to do it?

If your company is using an IaaS (Infrastructure as a Service) provider such as AWS (Amazon Web Services), you’re probably impressed with the number of certifications they have collected. A SOC 2 Type II from an IaaS provider will often cover most of the physical security requirements. Depending on how your system is configured, it may also cover the backup & recovery and disaster recovery portions. A SOC 2 Type II from your cloud provider will not cover your application, your internal policies, etc. Using cloud services is helpful, but will not give you 100% coverage.

How long does it take to prepare for a SOC 2 audit?

On average, going from zero to SOC 2 Type II will take from 8 months to a year. Smaller companies that don’t have many systems can often complete the process faster. To further expedite the process, it is advisable to not create all policies and procedures from scratch. Many security & compliance consultants have built vast libraries of policies and procedures that can be customized for your business and make your life easier.

We already have good security, is that enough for SOC 2?

Having good security practices in place is certainly a good start, but often not sufficient for compliance. Security does not equal compliance, and vice versa. Preparing for SOC 2 may include Security (logical & physical), Availability, Integrity, Confidentiality, and Privacy. Newer/smaller companies often prepare for a SOC 2 by creating many of these policies for the first time. The creation of new policy will often lead to the implementation of new preventative and detective controls.