Taking the first steps to prepare for a SOC 2 audit report can be daunting. 

Selecting your Trust Services Criteria (TSC), writing policies and implementing information security controls, completing gap and readiness assessments, choosing a CPA auditor — it’s difficult to know where to start, and little practical guidance is available for those undertaking the SOC 2 audit process for the first time. 

We’ve designed this section to help you identify where you can save time and effort, understand best practices for preparing so you go into your audit confidently, and ultimately come out of it all with a successful SOC report. 

Here’s everything you need to know about preparing for a SOC 2 audit.

Define Your SOC 2 Audit Scope

Learn how to properly scope your SOC 2 audit to save your company time and money. 

SOC 2 Compliance Requirements

Unravel SOC 2 compliance requirements and find out how the AICPA’s points of focus can help service organizations select internal controls to satisfy them.

Establishing a SOC 2 Project Plan

Like any major initiative, SOC 2 compliance requires a solid project plan. Get tips for each phase to keep everything running smoothly from start to finish. 

SOC 2 Policies and Procedures

View the list of policies you’ll need to put in place in order to comply with SOC 2 requirements. 

SOC 2 Compliance Documentation

What kind of compliance documentation is required for an audit? Read more about the management assertion, system description, and control matrix. 

SOC 2 Readiness Assessments

Find out how a SOC 2 readiness assessment is performed and how it can help you go into a compliance audit with confidence.