SOC 2
Get SOC 2 ready and pass the examination US enterprise buyers ask for.
Trust Criteria Gap
Assessed against the Trust Services Criteria
Type I & II Readiness
Prepared for point-in-time and period reports
CPA-Firm Liaison
We manage the examining CPA firm for you
SOC 2 Specialists
Experienced readiness practitioners
What it is
SOC 2 is an AICPA attestation report on a service organisation's controls relevant to security and, optionally, availability, processing integrity, confidentiality and privacy. A Type I report tests control design at a point in time; a Type II report tests design and operating effectiveness over a period, and is the de facto trust signal US enterprise buyers ask for.
Who must comply
US-market B2B SaaS and technology vendors, data processors and any service organisation whose customers demand SOC 2, usually surfaced during enterprise procurement or vendor-risk reviews.
How IntelligenceX helps
Frequently Asked Questions
Type I proves your controls are designed correctly today and is faster. Type II proves they operated over 6-12 months and is what most enterprise buyers ultimately require. We often deliver Type I, then run the observation window into Type II.
Type I readiness runs 6-10 weeks; Type II adds the observation period. Budget separately for our readiness work and the CPA firm's examination fee, which we help you scope.
Security (the Common Criteria) is mandatory; availability, confidentiality, processing integrity and privacy are optional and chosen to match what you actually promise customers. We scope only the categories your contracts and risk profile require, so the examination stays focused and the cost stays proportionate.