01 What is it?
SOC 2 Type II is the AICPA's audit framework for technology service providers, evaluating the operating effectiveness of controls across security, availability, confidentiality, processing integrity and privacy. It is the de facto trust signal expected of any SaaS or B2B vendor.
02 Why implement it?
- Expected trust signal for SaaS and B2B vendors
- Type II proves controls operate effectively over time
- Covers security, availability, confidentiality, processing integrity and privacy
- Maps cleanly to ISO 27001 and most regulatory regimes
- Audit-ready, attested by accredited auditors
03 How I help
I help organisations design the control set for SOC 2 Type II, run the readiness assessment, implement the missing controls, prepare the evidence pack, and coordinate with the auditor through the observation window.
04 Expected deliverables
- SOC 2 Type II readiness assessment
- Control set across the trust services criteria
- Evidence pack and ongoing collection process
- Auditor coordination and observation-window plan
- Operating model post-audit