(The following originally appeared as an article in Security Boulevard)
Choosing a SOC 2 auditor can seem like a panic-inducing process. How do you find one and what should you ask them? Will they understand your unique environment, product, and challenges? It is up to you to select the auditor that best understands your organization in both its current and future states. SOC 2 is a multiyear journey, so our best advice is to select an audit firm with people that you like and trust.
It is important to establish boundaries around what an auditor can and can’t do when providing SOC 2 audit services. Your auditor should be your partner along your journey. They can help you identify controls you already operate but hadn’t considered, for which you should also get credit. They can suggest edits to your System Description and help you refine the language of your controls. A great auditor will also provide post-audit recommendations and areas for future improvement.
Auditors are required to be ‘independent’ so that they meet the standards of their governing body (the AICPA). This way they can objectively opine on the System Description and the design of your controls and, in a Type 2, on their operating effectiveness. The auditor can never perform a control, design a control, or tell you exactly what to do, although a great auditor will have a way of dropping hints.
We have worked with many auditors, and when you are in the Strike Graph family, we will refer you to a few that may be a good fit. We suggest you interview at least three auditors and ask them all the same questions. The following questions may be helpful in the selection process:
There are many other questions that you can ask, but at the end of the day remember that the firm will be with you for a few years. Make sure they understand where you are in your SOC 2 and compliance journey, that they won’t break the bank, and that you have a good rapport with them. Good Luck!
© 2024 Strike Graph, Inc. All Rights Reserved • Privacy Policy • Terms of Service