SOC 2 Timeline

The SOC 2 Audit Process & Timeline The SOC 2 standard was created by the AICPA. A licensed, certified public accountant must sign all SOC 2 audits. To achieve SOC 2 compliance, most companies spend 6 months to 1 year preparing.

SOC 2 Timeline
Nick Gibson
August 17, 2022
SOC 2

How to create a content plan

Lorem ipsum dolor sit amet consectetur adipiscing elit. Diam quis tellus ut sem ac malesuada ipsum tellus vitae odio nulla sociis mauris consectetur ac enim condimentum sagittis nulla sed volutpat imperdiet habitant aenean ut turpis lectus pulvinar mattis fames suscipit aliquet pellentesque enim massa vitae pharetra amet.

  1. Vitae et erat tincidunt sed orci eget egestas facilisis amet ornare
  2. Sollicitudin integer  velit aliquet viverra urna orci semper velit dolor sit amet
  3. Vitae quis ut  luctus lobortis urna adipiscing bibendum

What is a content plan and why it is so important?

Lorem ipsum dolor sit amet consectetur adipiscing elit eu vestibulum massa volutpat vitae blandit aliquet rhoncus tempor, nunc id aliquam quis eget lobortis massa non est aliquam vel gras proin urna nec metus faucibus turpis nunc tellus.

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

What are the best tools to create content plans easily?

Viverra in nulla natoque non ultrices eget neque rhoncus potenti ultrices lectus sit dis sed ornare nunc sociis et est arcu egestas dis non sit felis, praesent cras convallis egestas risus sed turpis lectus donec eu lectus maecenas quis odio quis ornare magna pulvinar commodo risus eget imperdiet senectus turpis iaculis maecenas velit sagittis neque tempor in volutpat  condimentum diam enim hendrerit ut.

3 tips to create a content plan that drives engagement and growth

Eu risus sed turpis lectus donec eu lectus maecenas quis odio quis ornare magna pulvinar commodo risus eget imperdiet senectus turpis iaculis maecenas velit sagittis neque tempor in volutpat, condimentum diam enim hendrerit ut.

  • Dolor duis lorem enim eu turpis potenti nulla semper velit sed
  • Lorem a eget blandit ac neque amet amet non dapibus pulvinar
  • Pellentesque non integer ac id imperdiet blandit sit bibendum
Eu risus sed turpis lectus donec eu lectus maecenas quis odio quis ornare magna pulvinar commodo risus eget imperdiet.
Identify the content that is performing best, and stick with it

Egestas orci purus sed at quisque lacus tempus cursus facilisi scelerisque tellus nunc scelerisque ornare id id nullam sit gravida habitant donec amet amet sit elementum cras tellus at elementum sit Id sit sagittis dolor nibh elit magna tortor accumsan consectetur sit fames amet aliquet amet nunc scelerisque nulla massa scelerisque gravida neque ultrices sed eu nulla diam sapien ac enim.

The SOC 2 Audit Process

The SOC 2 standard was created by the AICPA. A licensed, certified public accountant must sign all SOC 2 audits. To achieve SOC 2 compliance, most companies spend six months to one year preparing. This preparation includes deciding which systems will be included in the audit (in scope), developing policies and procedures, and implementing new security controls to minimize risk. The first time you complete a SOC 2 audit, you'll receive a SOC 2 Type 1. Most companies want a SOC 2 Type 2. This means to obtain a SOC 2 Type 2, you'll need to complete the SOC 2 Type 1 audit and then conduct a SOC 2 Type 2 audit after 6 to 12 months have elapsed. This distinction can be confusing but is very important.

Here's an easy way to remember: S = SCOPE, T = TIME

SOC 1 = Financial Scope

SOC 2 = Information Security Scope

Type 1 = At a single point in time

Type 2 = Over a period of time (usually 6-12 months)

When an organization is ready to begin the audit, it will hire a licensed CPA auditing firm to conduct the audit. The actual process starts with a scoping discussion and selection of the Trust Service Criteria that will be evaluated by the auditor. The following 6 to 8 weeks are used to collect and submit evidence to the auditing firm, usually through the use of a portal or document request spreadsheet. During the 6 to 8-week period, most auditing firms will hold weekly phone calls to evaluate the quality of evidence and the speed at which the organization is uploading evidence. After the evidence collection period has been finished, the auditors will schedule an onsite audit. This is typically a two-day in-person meeting at your office. Many audits conducted during 2020 and 2021 were "virtual onsite audits" due to Covid-19. These are conducted through video conferencing platforms but function in the same way as traditional onsite audits. While in your office, the auditor will conduct interviews and review evidence items.

Summary

Getting a SOC2 Type2 is a time-intensive process especially during the first year.  More detail is available in our SOC 2 Compliance Guide. Use the information above to help guide you on your journey or give us a call to help you successfully plan for and execute your SOC2 Type2 program and audit.  We have resources on the East and West Coast for our client’s convenience.If you would like help with your cybersecurity strategy or goals, give Security Ideals a call for a complimentary consultation.  We can be reached at 302-433-6222 or by email at info@securityideals.com.