What’s missing in your SOC 2 report?

Upload a report that you want to be inspected and receive a custom analysis of missing controls and weak testing. Find it before a client or attacker uncovers it first!

Upload FileLearn More

Get Ready for Your SOC 2 Audit

Prepare to successfully start and complete your SOC 2 audit with our compliance checklist.

Download Checklist
Risk Mitigation

Risk Mitigation

Learn how risk management is the foundation of the control environment and provides boundaries for your audit.

View all
How to Identify, Analyze, and Manage Risks to Objectives
SOC 2 Academy - How to Manage Risks
SOC 2 Academy - What Types of Risks Does Your Organization Face?
SOC 2 Academy: Assessing Changes Within Your Organization
SOC 2 Academy: Assessing the Significance of Risk
SOC 2 Academy: How Fraud Can Impact Risk
SOC 2 Academy: Identifying Vendors as Carve-Out or Inclusive
SOC 2 Academy: Managing Vendor Risk
SOC 2 Academy: Mitigating Risks that Lead to Business Disruption
SOC 2 Academy: Risks from Business Partners
SOC 2 Academy: Using a Risk Assessment
SOC 2 Academy: Who Should Make Updates to Your Risk Assessment?
The Assessment of Fraud for SOC 2
Logical and Physical Access Controls

Logical and Physical Access Controls

Learn about what methods are required to protect your assets against unauthorized access.

View all
SOC 2 Academy: Access Controls for Remote Employees
SOC 2 Academy: Additional Points of Focus for Logical Access
SOC 2 Academy: Assigning Roles and Responsibilities
SOC 2 Academy: Dealing with External Threats
SOC 2 Academy: Disposing of Physical Devices
SOC 2 Academy: How to Perform Thorough Inventory
SOC 2 Academy: Movement of Data
SOC 2 Academy: Physical Security Controls
SOC 2 Academy: Preventing and Detecting Unauthorized Software
SOC 2 Academy: Registering Internal and External Users
SOC 2 Academy: Taking Inventory of Physical Devices
Internal Control

Internal Control

Learn how to create a control environment that is based on ethics, consistency, and accountability.

View all
Consider the Potential for Fraud in Assessing Risks
Discuss Matters Affecting Internal Controls with External Parties
Hold Individuals Accountable for Internal Control Responsibilities
Identify and Assess Changes That Could Impact Internal Controls
Management Establishes Authorities and Responsibilities
SOC 2 Academy - A Board's Independence from Management
SOC 2 Academy - Attracting, Developing, and Retaining Confident Employees
SOC 2 Academy - Communicating with External Parties
SOC 2 Academy - Communicating with Internal Parties
SOC 2 Academy - Defining the Responsibilities of Employees
SOC 2 Academy - Holding Your Employees Accountable
SOC 2 Academy - How Does an Auditor Test for Integrity?
SOC 2 Academy - Integration with the COSO Framework
SOC 2 Academy - Making Informed Decisions
SOC 2 Academy - The Importance of Organizational Communication
SOC 2 Academy: Designing Processes for Your Technology
SOC 2 Academy: Evaluations of Internal Control
SOC 2 Academy: Expectations of Policies and Procedures
SOC 2 Academy: Implementing Internal Controls
SOC 2 Academy: Internal Control Deficiencies
SOC 2 Academy: Who is Monitoring Internal Controls?
Specify Objectives for Risk Assessments
The Board of Directors Should Demonstrate Independence
Use Relevant Information to Support Internal Controls
System Operations

System Operations

Learn how to defend against malicious attacks by detecting and responding to system vulnerabilities.

View all
SOC 2 Academy: Incident Response Best Practices
SOC 2 Academy: Incident Response Teams
SOC 2 Academy: Performing Daily Log Reviews
SOC 2 Academy: Recovering from a Security Incident
SOC 2 Academy: Testing Your Incident Response Plan
Change Management

Change Management

Learn about the best practices for authorizing, testing, approving, and implementing changes into your environment.

View all
SOC 2 Academy: Change Control Processes
SOC 2 Academy: Change Management Best Practices
Other Criteria

Other Criteria

Learn what criteria from the availability, confidentiality, processing integrity, and privacy categories are applicable to your services.

View all
SOC 2 Academy: Classifying Confidential Information
SOC 2 Academy: Complete, Accurate, and Timely Outputs
SOC 2 Academy: Data Backup Processes
SOC 2 Academy: Designing and Implementing Environmental Protections
SOC 2 Academy: Documentation of Inputs
SOC 2 Academy: How Contractual Obligations Impact Confidential Information
SOC 2 Academy: How is Data Put Into Your System?
SOC 2 Academy: Identifying Logging Errors
SOC 2 Academy: Preparing for Current and Future Availability Needs
SOC 2 Academy: Quality and Accuracy of Your Data
SOC 2 Academy: Testing Your Business Continuity Plan