Steps to Schedule Your SOC 2 Penetration Test:
- Schedule a 30-minute Discovery Session
- We determine IF and HOW we can help
- We provide a Tailored Proposal
- Together, we review the Proposal
Developed by the AICPA, SOC 2 is specifically designed for technology service providers that store client data in the cloud. SOC 2 applies to nearly every SaaS (Software-as-a-Service) company, as well as any company that uses the cloud to store client information. To become SOC 2 compliant, companies must conduct a cybersecurity audit. This audit analyzes five controls, known as the Trust Service Principles (TSP): security, availability, processing integrity, confidentiality, and privacy. Auditors assess whether these five controls are relevant to the company's industry. We recommend penetration testing once a quarter as part of SOC 2 compliance.
There are two types of SOC 2 audits: Type I and Type II. A SOC 2 Type I audit is primarily a documentation review, whereas a SOC 2 Type II audit is a review of operations, i.e. whether the controls are implemented and operating effectively.
Penetration testing is primarily used to test control effectiveness in SOC 2 Type II audits.
Below is a high-level comparison of SOC 2 Type I and SOC 2 Type II: