SOC Planning and Preparation

  1. Determine the scope of the system and/or service to be included in the SOC review. 

  2. Document the infrastructure, systems, software, data, and people involved in the system.

  3. Perform a formal risk assessment and update policies and procedures to satisfy Trust Services Criteria (TSC) control requirements.

  4. Design and implement controls to meet the specific criteria for the assessment (security, availability, processing integrity, confidentiality, or privacy). At this step a SOC 2 Type 1 report may be issued.

  5. Maintain controls and ensure they operate effectively throughout the year. A SOC 2 Type 2 report may be issued for a specified period of time.


7750 Okeechobee Blvd.

Ste 4-451

West Palm Beach, FL 33411

Tel. 866-615-4909
