Risk Topics

How to prepare for a SOC-2 audit


Preparing for a SOC-2 audit can be daunting, but it's an undertaking in change management that can follow established practices towards predictable outcomes. Rather than a re-hash of the well-worn subject of project management, this section will be a how-to in the specific change arena of becoming an audited service organization. It's assumed that the reader is already familiar with the concepts in the "why" and "what" sections in the menu above, and already possesses:

If not, please please make sure you consider the "why" and "what" questions first. This will save you from enormous amounts of rework down the road, and will arm you with the things you need to succeed: a motivating sense of purpose; executive buy-in; and a yard-stick to measure progress.

The following articles are a collection of thoughts on beginning the actual work.

© 2013 - 2019 werneburg information risk management inc.