SOC 2 Readiness

Achieving SOC 2 compliance is critical for organization’s who hold, store, or process customer data and is becoming the minimal requirement for SaaS providers.

Developed by the American Institute of CPAs (AICPA), SOC 2 reports are generally best for companies that process or store information for customers. The SOC 2 defines criteria for managing customer data based on five “trust service principles” – security, availability, processing integrity, confidentiality, and privacy.

SOC 2 Type I

The Type I report provides a report of the procedures/controls that an organization has put in place at a point in time. The report also provides an opinion on the suitability and design of the controls in place at the point in time of the audit.

SOC 2 Type II

The Type II report is most likely what potential partners are most interested in. It assesses the effectiveness of an organizations controls over an audit period and tests how an organization implemented its controls over that period (typically not less than 6 months).

BRCG knows how valuable a SOC 2 Report is for an organization and has expertise in implementing the controls required for a favorable SOC 2 Report in a timely manner. We know that early stage companies are juggling many different business priorities and might not have the knowledge, time or expertise to understand the requirements and design the proper controls. BRCG offers advice and guidance on best practices and hands on implementation to allow your organization to focus on core business.

At the conclusion of the SOC 2 Readiness Program, your organization will have in place company policies, procedures and properly designed controls for favorable Type I Report. We will do the heavy lifting and will only ask for access to key personnel, and for your approval of procedures and policy elements. BRCG can also help manage the ongoing control program for a successful Type II audit as needed. We can help your organization with any of its SOC 2 initiatives, including Type 1, Type 2, and Readiness Assessment reporting.