The first action item on your SOC 2 checklist involves the purpose of your SOC 2. Before diving into controls, an organization needs to determine the objective of their SOC 2 report and choose relevant TSCs.
There are two types of SOC 2 reports, Type 1 and Type 2. Businesses typically start with a Type 1 and build up to a Type 2. We recommend this order for our own clients.
How do you determine which trust services principles to test for?
SOC 2 TSCs are driven by the commitments you make to your customers. What are you responsible for managing and maintaining? SOC 2 encompasses 5 TSCs:
- Processing Integrity
The only required criterion is security.