Frequently Asked Questions
This is determined based on your company’s commitments to your customers. A good place to look is in your customer contracts.
- Do you commit to providing adequate security controls? If yes, select the Security principle.
- Do you handle confidential customer data and have non-disclosure, data retention and disposal commitments around such data? If yes, select the Confidentiality principle.
- Do you collect, process, transmit or store customer PII and have privacy commitments? If yes, select the Privacy principle.
- Do you have SLAs around uptime? If yes, select the Availability principle.
- And finally, do you have commitments around the integrity, accuracy, and completeness of data processed through your system? If yes, select the Processing Integrity principle.
A Readiness Assessment involves an in-depth review of a company’s policies, procedures, and practices to determine a company’s readiness for a SOC 2 audit. It enables you to know which processes will pass or fail so that you can implement necessary measures and be audit-ready.
It depends on how many criteria you plan to cover. It typically takes 1 week for interviews and about 4-6 weeks after interviews to get the SOC 2 audit report in hand.