What it means for your organisation
SOC 2 reports are issued by independent auditors to vendors complying with any or all of the five trust principles (security, availability, processing integrity, confidentiality, and privacy).
- Define audit scope
Choose the Trust Service Criteria to report on and the SOC 2 report type. Identify which controls and information assets address this scope.
- Readiness assessment
Collect evidence and compare it with SOC 2 compliance requirements. Identify control gaps and bring them in line before your formal SOC 2 audit.
- Pass formal SOC 2 audit
SOC 2 audits are performed by CPA firms and are usually intense processes. Auditors interview many employees and seek high-quality evidence.
Frameworks
Confidently enter the US market with a SOC 2 report
- Tidal SOC 2 content
Predefined SOC 2 controls covering each of the Trust Service Criteria. Each control has test guidance, control labels, and suggested evidence.
- Test once, use many
Controls in Tidal are mapped to many existing frameworks, such as ISO and GDPR, allowing you to leverage existing results for your SOC 2 statement.
- Automated evidence collection
Collect data from your IT assets automatically and attach it to the right control activity. Receive an alert when new gaps are identified.
- Policy management
Implement and manage policies linked to the Trust Service Criteria, and automate the periodic review and approval process.
- Quality audit trail
The Feed allows your external auditors to verify the origin of evidence, and any changes made to the system of controls.
- Trust reporting
Give your customers access to a digital version of your SOC 2 report to increase trust and shorten due diligence and contracting.