What’s missing in your SOC 2 report?

Upload a report that you want to be inspected and receive a custom analysis of missing controls and weak testing. Find it before a client or attacker uncovers it first!

Upload FileLearn More

Get Ready for Your SOC 2 Audit

Prepare to successfully start and complete your SOC 2 audit with our compliance checklist.

Download Checklist
Risk Mitigation

Risk Mitigation

Learn how risk management is the foundation of the control environment and provides boundaries for your audit.

View all
4 Ways to Treat Risk
Communicating Risk Assessment Results
How to Identify, Analyze, and Manage Risks to Objectives
Identify and Assess Changes That Could Impact Internal Controls
Risk Assessment Policy
Risk Assessment Requirements
Risk Management Strategy
SOC 2 Academy - How to Manage Risks
SOC 2 Academy - What Types of Risks Does Your Organization Face?
SOC 2 Academy: Assessing Changes Within Your Organization
SOC 2 Academy: Assessing the Significance of Risk
SOC 2 Academy: How Fraud Can Impact Risk
SOC 2 Academy: Identifying Vendors as Carve-Out or Inclusive
SOC 2 Academy: Implementing Internal Controls
SOC 2 Academy: Managing Vendor Risk
SOC 2 Academy: Mitigating Risks that Lead to Business Disruption
SOC 2 Academy: Risks from Business Partners
SOC 2 Academy: Using a Risk Assessment
SOC 2 Academy: Who Should Make Updates to Your Risk Assessment?
Security Incidents and How to Prepare For Them
Should I Share Our Risk Assessment
Specify Objectives for Risk Assessments
The Assessment of Fraud for SOC 2
What Risk Assessment Method is Appropriate
What Should Be Included in Your Risk Assessment
Logical and Physical Access Controls

Logical and Physical Access Controls

Learn about what methods are required to protect your assets against unauthorized access.

View all
Assign Access Based on Business Need to Know
Authenticate Your Data Subject's Identity
Define a Password Reset Procedure to Authenticate Requests
Determining Remote Assessment Feasibility
Establish Confidentiality & Security Requirements for Remote Assessments
How to Create a Physical Security Policy
Physical Security Policy in a Remote World
SOC 2 Academy: Access Controls for Remote Employees
SOC 2 Academy: Additional Points of Focus for Logical Access
SOC 2 Academy: Assigning Roles and Responsibilities
SOC 2 Academy: Dealing with External Threats
SOC 2 Academy: Disposing of Physical Devices
SOC 2 Academy: How to Perform Thorough Inventory
SOC 2 Academy: Movement of Data
SOC 2 Academy: Physical Security Controls
SOC 2 Academy: Preventing and Detecting Unauthorized Software
SOC 2 Academy: Registering Internal and External Users
SOC 2 Academy: Taking Inventory of Physical Devices
The Importance of Physical Controls
Use Alerts to Enforce Your Access Control Policy
Internal Control

Internal Control

Learn how to create a control environment that is based on ethics, consistency, and accountability.

View all
20 Focus Areas for Security and Compliance
A Better Way to Audit
AccessOne's Values Shine Through Audit
American Litho Cares About Information Security
Attract, Develop, and Retain Competent Individuals
Auditing Operational Effectiveness
Authenticity and Transparency at Claims Management Resources
Clients Benefit from BMI's Security Controls
Communicate Information Necessary for Internal Controls
Consider the Potential for Fraud in Assessing Risks
Defining Business Continuity and Disaster Recovery
Demonstrate a Commitment to Integrity and Ethical Values
Discuss Matters Affecting Internal Controls with External Parties
Earn Client Trust with a SOC 2 Report
Hold Individuals Accountable for Internal Control Responsibilities
How to Conduct an Effective HR Interview
Management Establishes Authorities and Responsibilities
Meet Industry Demands with SOC 2 Compliance
Register for a SOC 1 Audit Workshop
SOC 1 Internal Control Framework
SOC 1 Vs SOC 2 - Which Report Do I Need (Quick Guide)
SOC 2 Academy - A Board's Independence from Management
SOC 2 Academy - Attracting, Developing, and Retaining Confident Employees
SOC 2 Academy - Communicating with External Parties
SOC 2 Academy - Communicating with Internal Parties
SOC 2 Academy - Defining the Responsibilities of Employees
SOC 2 Academy - Holding Your Employees Accountable
SOC 2 Academy - How Does an Auditor Test for Integrity?
SOC 2 Academy - Making Informed Decisions
SOC 2 Academy - The Importance of Organizational Communication
SOC 2 Academy: Evaluations of Internal Control
SOC 2 Academy: Expectations of Policies and Procedures
SOC 2 Academy: Implementing Internal Controls
SOC 2 Academy: Internal Control Deficiencies
SOC 2 Academy: Who is Monitoring Internal Controls?
Security Awareness Training Best Practices
Security Is Paramount to Atlas Technica
Selecting SOC 2 Trust Services Criteria.mp4
The Board of Directors Should Demonstrate Independence
Use Relevant Information to Support Internal Controls
System Operations

System Operations

Learn how to defend against malicious attacks by detecting and responding to system vulnerabilities.

View all
A Different Type of Auditor
Areas to Include in an Incident Response Cybersecurity Policy
Prioritizing & Understanding Application Development
SOC 2 Academy: Designing Processes for Your Technology
SOC 2 Academy: Incident Response Best Practices
SOC 2 Academy: Incident Response Teams
SOC 2 Academy: Performing Daily Log Reviews
SOC 2 Academy: Recovering from a Security Incident
SOC 2 Academy: Testing Your Incident Response Plan
The Importance of Patching
Change Management

Change Management

Learn about the best practices for authorizing, testing, approving, and implementing changes into your environment.

View all
Document Your Configuration Management Practices
SOC 2 Academy: Change Control Processes
SOC 2 Academy: Change Management Best Practices
Other Criteria

Other Criteria

Learn what criteria from the availability, confidentiality, processing integrity, and privacy categories are applicable to your services.

View all
BMIs Culture of Security
Bento Values Transparency
Common Criteria for a SOC 2 Audit
Communicating a Plan Forward
Complete a SOC 2 Audit with Confidence
Data Security and CommunityWFM
Ed Delgado Audit Advice
Encore Exchange's Patient Centric Approach Shows in Audit
Ensure Data Is Accurate
Ensure Data Subjects Have Access to Their Data
Ensure Proper Data Destruction and Disposal
Fixed Fee IT's Continuous Improvement Shines in SOC 2 Audit
Forian's Focus on Information Security and Privacy
Fox World Travel Strives for Honesty and Integrity
Gecory Saint-Fort Audit Tip
Get Ready For Your Audit With A Growth Mindset
Get Ready with the Online Audit Manager
Greg Halpin Audit Tip
Herbert McMorris Audit Advice
Hollie Nelson Audit Tip
Jeff Pochily Audit Advice
Jeneil Russell Audit Tip
Josh Webb Audit Tip
Kevin Zack Audit Tip
Provide Notice to Data Subjects About Your Privacy Practices
SOC 2 Academy - Integration with the COSO Framework
SOC 2 Academy - Points of Focus
SOC 2 Academy - Trust Services Criteria
SOC 2 Academy- What's New with SOC 2
SOC 2 Academy: Classifying Confidential Information
SOC 2 Academy: Complete, Accurate, and Timely Outputs
SOC 2 Academy: Data Backup Processes
SOC 2 Academy: Designing and Implementing Environmental Protections
SOC 2 Academy: Documentation of Inputs
SOC 2 Academy: How Contractual Obligations Impact Confidential Information
SOC 2 Academy: How is Data Put Into Your System?
SOC 2 Academy: Identifying Logging Errors
SOC 2 Academy: Preparing for Current and Future Availability Needs
SOC 2 Academy: Quality and Accuracy of Your Data
SOC 2 Academy: Testing Your Business Continuity Plan
SOC 2 Report Criteria and FAQs- What You Need to Know About SOC 2 Compliance
Select the Right Compliance Platform
Utilize Data Minimization Techniques
What Is The SOC 2 Security Principle? What You Need to Know for SOC 2 Compliance
What is the Purpose of the SOC 2 Privacy Principle?