Considering SOC 2 Compliance?

Why you should mind SOC 2 Compliance

What is it?

Compliance with SOC 2 requirements indicates that your organization maintains a high level of information security. The SOC 2 standard is based on the following 5 Trust Services Criteria categories: Security, Confidentiality, Availability, Data Processing and Data Privacy.
When you prepare for SOC 2 for the first time you can focus on the “Security” TSC that is mandatory for the SOC 2 attestation audit. Adding other TSCs to subsequent SOC 2 audits shows that your organization is strongly committed to information security practices. Our team is here to help you getting ready for the SOC 2 certification and make your certification process go smoothly. What is our approach to ensure effective preparation for SOC 2 compliance?

Our approach

Given that a formal SOC2 audit is considered for the future, we address the SOC 2 preparation process in a SOC2-like manner.

Phase 1. Gap Assessment

Gap assessment allows verifying that all key controls are documented and in place. This process requires close review of your environment against the requirements of the criteria selected. A gap assessment serves to detect non-compliance points before beginning a SOC 2 audit and enables you to remediate the gaps.
Our team audits your environment against the criteria selected and provides you with the gap assessment matrix and report.

Phase 2. Gap Remediation

To make the gaps remediation go smoother, we propose two sub-phases, as follows:

  • Control Design. You need to define the SOC 2 controls based on which the external and independent auditor will perform the SOC 2 examination (during the formal SOC 2 audit) and attest the design and/or operating effectiveness of those controls. Stidia can help you define the SOC 2 controls.
  • Control Implementation. During this phase, Stidia will provide guidance in implementing the controls at company level and provide assistance in tailoring your policies and procedures to be aligned with the SOC 2 controls and requirements.

Phase 3. Control Operating Effectiveness

Once the gap remediation phase is completed, Stidia will verify the effectiveness of the security controls implemented.

(Optional) Formal SOC 2 audit preparation

When you will perform the formal SOC 2 audit, we can assign an expert to join your team and:

  • Assist you during pre-audit meetings.
  • Prepare the audit evidences for the external auditors.
  • Draft or review the two mandatory chapters in the SOC 2 audit report (Management Assertion Letter and IT Environment Description).


The timelines are based on the assumption that you will provide requested information / documentation on time.

Phase# Phase Duration
1 Gap Assessment 6-8 weeks
2 Gap Remediation 12-16 weeks
3 Control Operating Effectiveness 4-6 weeks
optional Formal SOC 2 audit preparation Depends on the external auditor schedule

The estimated timelines takes into consideration the time you need to answer the preliminary questionnaire and additional questions, set up meetings and create / update policies (if you opt to do it yourselves).

SOC 2 preparation is tailored to the unique needs of your organization. To better understand the status quo and narrow down the SOC 2 scope, you need to answer a set of preliminary questions. We provide you with a custom offer that best suits your organization’s scope.
We also provide additional services during and post project implementation. The following are additional services we can provide on the project upon the client request:
  • Mini SOC 2 – Yearly SOC 2 type audit
  • Web vulnerability audits, public IP range and network audits
  • Penetration tests


To provide you with a custom offer that best suits your organization’s scope, please answer the preliminary questions below and submit your answer.

Select the SOC 2 criteria you're interested in (Security is mandatory for any SOC 2)