Frequently Asked Questions
This is determined based on your company’s commitments to your customers. A good place to look is in your customer contracts.
- Do you commit to providing adequate security controls? If yes, select the Security principle.
- Do you handle confidential customer data and have non-disclosure, data retention and disposal commitments around such data? If yes, select the Confidentiality principle.
- Do you collect, process, transmit or store customer PII and have privacy commitments? If yes, select the Privacy principle.
- Do you have SLAs around uptime? If yes, select the Availability principle.
- And finally, do you have commitments around the integrity, accuracy, and completeness of data processed through your system? If yes, select the Processing Integrity principle.
A Readiness Assessment involves an in-depth review of a company’s policies, procedures, and practices to determine a company’s readiness for a SOC 2 audit. It enables you to know which processes will pass or fail so that you can implement necessary measures and be audit-ready.
SOC 2 requires management to assess internal controls on a periodic basis. While you do not need an independent third party or an established internal audit organization, the assessment should be performed by objective and competent personnel, if available. Otherwise, consider contracting with a third party to perform the assessment.
It depends on how many criteria you plan to cover. It typically takes 1 week for interviews and about 4-6 weeks after interviews to get the SOC 2 Audit report in hand.