SOC 2

System and Organization Controls 2

Preparing for and passing a SOC examination is an exhaustive process, but it will increase your company’s profitability, cost savings, and competitive edge, and minimize the risk associated with your existing relationships. The SOC governing body, the American Institute of Certified Public Accountants (AICPA), has set baselines for service organizations regarding the security, confidentiality, availability, processing integrity, and privacy of systems used to protect confidential user data.

Requirements

Auditor required to apply?
Yes. By a CPA.

Federal, state, or industry requirement?
No.

Why Seek SOC 2?

  • Give customers confidence in the security of their data while using your software.
  • Supply the results of auditor tests, proving your success with processing and controls.
  • Access new opportunities in markets that require SOC 2 compliance.
  • Grow the number of partners and customers willing to do business with you.

A Typical SOC 2 Engagement

SOC 2 is a report on an organization. Audits are performed every 12 months.

Timeline: 3-6 months based on CPA availability.

Day 0

Project initiation and orientation

Day 1

Begin creating policies and processes

Day 30

Supply 33% of policies and procedures

Day 45

Conduct risk assessment

Day 60

Supply 66% of policies and procedures

Day 75

Conduct incident response exercise

Day 90

Supply 100% of policies and procedures

Start onsite audit support with CPA

Day 120

Finish audit support

Day 140

Respond to auditor draft report

Day 150

Receive SOC 2 report

Let’s get you on the right track.

Fill out the form to talk to a Neutral Partners expert about SOC 2, and we’ll be in touch as soon as possible.
