Guides
SOC 2 guides
The evergreen references. Start at the top if SOC 2 is new to you, or jump to the checklist if you already know you need a report.
What Is SOC 2? A Plain-English Guide
What is SOC 2? An AICPA attestation report on your security controls that buyers demand before they sign. Type I vs II, the 5 criteria, and how to get one.
The 5 SOC 2 Trust Services Criteria, Explained
SOC 2's five Trust Services Criteria: Security (required) plus Availability, Processing Integrity, Confidentiality, and Privacy, with example controls.
SOC 2 Type 1 vs Type 2: The Difference
SOC 2 Type 1 vs Type 2: Type 1 attests control design at a point in time; Type 2 proves controls operate over 3-12 months. Which to get first, and why.
The SOC 2 Readiness Checklist: Step-by-Step
A step-by-step SOC 2 readiness checklist: scope your Trust Services Criteria, run a risk assessment, harden access, and collect evidence before the audit.