SAAS TRUST STANDARD

SOC 2 (Type I & II)

The essential credential for selling SaaS into the US market. Prove your security, availability, and confidentiality.

What is it?

Service Organization Control (SOC) 2 is an auditing procedure that ensures your service providers securely manage your data. It is based on five “Trust Services Criteria”: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Type I vs Type II: Type I tests your design at a single point in time. Type II tests your operational effectiveness over a period (usually 6-12 months).

The Pathway to Attestation

1. Scoping

We determine which Trust Principles apply to you (Security is mandatory; others are optional).

2. Remediation

We implement the technical controls (MFA, Encryption, Audit Logs) required to pass.

3. Observation Period

For Type II, we monitor your systems for 3-12 months to gather the necessary evidence logs.

4. Audit Report

An independent CPA firm reviews the evidence and issues your final SOC 2 report.