supernav-iconDrataverse - June 22 | Drata’s inaugural user and compliance summit
HomeBlogEarn the Trust of Customers With SOC 2

Earn the Trust of Customers With SOC 2

adam

by Adam Markowitz

November 18, 2020
soc2
Share

Twitter

Facebook

Linkedin

Email

A SOC 2 report allows your company to show that it's operating in a secure manner so you can win and retain more business.

We talk a lot about trust at Drata. It’s our ethos. There are few assets more precious, in life and in business. Jeff Weiner famously defined trust as “consistency over time.” But that begs the question, what if we don’t have a lot of time and still need to earn the trust of a prospective customer in terms of how our company secures their data? We believe the best way to earn trust is first prove that you deserve it.

That proof today for companies storing customer data in the cloud comes in the form of a clean SOC 2 report. In fact, more and more companies will only do business with partners and vendors that are SOC 2 certified, because it shows a commitment to data security that goes beyond just regulatory requirements.

Let Companies Know They Can Trust You With Their Data

A SOC 2 report allows your company to show that it’s operating in a secure manner so you can win and retain more business. The report is the result of an examination (aka “audit”) in which an independent Certified Public Accountant (CPA) aka. “auditor” assesses your company’s security posture according to the SOC 2 standard. Your security posture is made up of “controls.” A control is a policy, process, or procedure that is created to achieve a desired event or to avoid an unwanted event (example: a bicycle helmet is a control against damaging your head in the event of an accident).

The audit is where you prove that your company has specific controls in place and that they’ve been operating effectively during the audit period. Every audit is conducted in accordance with the AICPA audit guide and Attestation Standards Section 101 more commonly known as AT Section 101. “Attestation” means “evidence or proof of something.” So in other words, to prove your security controls to an auditor, your company’s employees need to routinely collect and store evidence of these controls, which can span an entire organization; from infrastructure to human resources (background screenings of employees), and almost everywhere in between.

READY TO PUT COMPLIANCE ON AUTOPILOT WITH DRATA?

GET STARTED

What is the SOC 2 Standard?

SOC 2 stands for the second of three System and Organization Controls (SOC) audits and reports that are critical to information security. The SOC 2 compliance standard was developed by the American Institute of CPAs (AICPA), a member network of more than 425,000 CPAs around the world.SOC 2 specifically assesses how your company manages customer data based on 5 Trust Service Principles: security, availability, processing integrity, confidentiality, and privacy. There are two types of SOC 2 reports, each requiring a different level of assessment:

SOC 2 Type 1:

Type 1 reports cover your company’s systems and controls, and whether the assessor believes you properly address all included Trust Service Principles. The assessment for Type 1 reports is conducted at a single point in time.

SOC 2 Type 2:

Type 2 reports also cover your company’s systems and controls, but also tracks the operational effectiveness of those systems and controls over a period of time.While Type 1 reports have their place and are still worthwhile, most companies place higher value in Type 2 reports, especially when making decisions about which vendors and partners to do business with.

Where Do We Start?

Standing up your company’s security program and marching towards SOC 2 audit-readiness can be a colossal task, regardless of your experience level. From policies, procedures, and best practices to testing and collecting evidence of each – the time and resources required stack up quickly – and it only grows more complex as your company grows in size (employees, assets, etc.).

Drata was built from the ground-up to help take companies from day 1 through audit-ready and beyond. From initial policy creation, workflow management, employee onboarding to control monitoring and evidence collection – no stone was left unturned. The mission is simple – help companies earn and keep the trust of their customers and prospects when it comes to securing their data. Get a demo today, and let’s put SOC 2 on autopilot.

The Drata Newsletter

Trusted is Drata’s newsletter focused on the world of compliance, security, data privacy, and everything in between.

Secured

The Drata Community

Screen Shot 2022-07-13 at 9.45 1
Resources for you
SOC 2 policies

12 Commonly Recommended Security Policies for SOC 2

Drata + AssuranceLab

Why AssuranceLab Joined Drata’s Auditor Alliance

Asset - Compliance Uncomplicated - Nemean Services

Compliance Uncomplicated Episode 5: An InfoSec Perspective to Digital Security Success With Nemean Services

adam
Adam Markowitz
CEO and Co-Founder

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company’s security controls, while streamlining workflows to ensure audit-readiness.

Solutions

StartupScaleEnhanceDrata PlatformIntegrations
Frameworks
SOC 2ISO 27001HIPAAGDPRCustom FrameworksAll Frameworks
Resources
BlogDrata EventsWebinarsReportsCompliance GlossaryCommunityAPI Documentation
Company
Careers
HIRING
CustomersAuditorsPartnersPressContact Us
Trust
Security and ComplianceTrust CenterSystem Status
Become a Trusted Newsletter Insider

The latest security and compliance news, delivered.

Secured DesktopSecured Desktop

© 2023 Drata Inc. All rights reserved.

Privacy PolicyGDPRTermsCookiesDisclosure PolicySub-processorsData Processing Addendum