Getting Your SOC 2 Compliance as a SaaS Company

If you haven’t heard of the term, you will soon enough. SOC 2, meaning System and Organization Controls 2, is an auditing procedure developed by the American Institute of CPAs (AICPA). Having SOC 2 compliance means you have implemented organizational controls and practices that provide assurance for the safeguarding and security of client data. In other words, you have to show (e.g., document and demonstrate) that you are acting in good faith with other people’s information. In its simplest definition, it’s a report card from an auditor.

At Rewind, before SOC 2, we had some processes in place, such as change management procedures for when emergency fixes need to be released to production quickly. But after beginning our SOC 2 journey we realized that we did not have a great way to track the reasoning behind a required emergency change, and this was required for our SOC 2 audit. So we worked with our auditor to set up a continuous auditing system for these requests, providing a long-term solution and a massive procedural improvement, offering this solution to other companies in our position. Achieving SOC 2 compliance signals to a market, that you are willing to provide assurance in the form of a third-party audit report that you will protect customer information. Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *