SOC 2

SOC 2 is an auditing procedure that ensures that service providers securely manage a client’s data to protect the interests of their organization and the privacy of its customers. For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.

What it means for your organisation

SOC 2 reports are issued by independent auditors to vendors complying with any or all of the five trust principles (security, availability, processing integrity, confidentiality, and privacy).

Define audit scope

Choose the Trust Service Criteria to report on, and the SOC 2 report type. Identify which controls and information assets address this scope.

Readiness assessment

Collect evidence and compare with SOC 2 compliance requirements. Identify control gaps, and bring them in line before your formal SOC 2 audit.

Pass formal SOC 2 audit

SOC 2 audits are performed by CPA firms, and are usually intense processes. Auditors interview many employees and seek high-quality evidence.

Pass SOC 2 audits effortlessly with Tidal Control

Tidal SOC 2 content

Predefined SOC 2 controls covering each of the Trust Service Criteria. Each control has test guidance, control labels, and suggested evidence.

Test once, use many

Controls in Tidal are mapped to many existing frameworks, such as ISO and GDPR, allowing you to leverage existing results for your SOC 2 statement.

Automated evidence collection

Collect data from your IT assets automatically and attach it to the right control activity. Receive an alert when new gaps are identified.

Policy management

Implement and manage policies linked to the Trust Service Criteria, and automate the periodic review and approval process.

Quality audit trail

The Feed allows your external auditors to verify the origin of evidence, and any changes made to the system of controls.

Trust reporting

Give your customers access to a digital version of your SOC 2 report, to increase trust and shorten due diligence and contracting.