Earn the Trust of Customers With SOC 2

A SOC 2 report allows your company to show that it's operating in a secure manner so you can win and retain more business.

by Adam Markowitz

November 18, 2020

We talk a lot about trust at Drata. It’s our ethos. There are few assets more precious, in life and in business. Jeff Weiner famously defined trust as “consistency over time.” But that begs the question: what if we don’t have a lot of time and still need to earn the trust of a prospective customer in terms of how our company secures their data? We believe the best way to earn trust is to first prove that you deserve it.

That proof today for companies storing customer data in the cloud comes in the form of a clean SOC 2 report. In fact, more and more companies will only do business with partners and vendors that are SOC 2 certified, because it shows a commitment to data security that goes beyond just regulatory requirements.

Let Companies Know They Can Trust You With Their Data

A SOC 2 report allows your company to show that it’s operating in a secure manner so you can win and retain more business. The report is the result of an examination (aka “audit”) in which an independent Certified Public Accountant (CPA), aka “auditor,” assesses your company’s security posture according to the SOC 2 standard. Your security posture is made up of “controls.” A control is a policy, process, or procedure that is created to achieve a desired event or to avoid an unwanted event (example: a bicycle helmet is a control against damaging your head in the event of an accident).

The audit is where you prove that your company has specific controls in place and that they’ve been operating effectively during the audit period. Every audit is conducted in accordance with the AICPA audit guide and Attestation Standards Section 101, more commonly known as AT Section 101. “Attestation” means “evidence or proof of something.” So in other words, to prove your security controls to an auditor, your company’s employees need to routinely collect and store evidence of these controls, which can span an entire organization: from infrastructure to human resources (background screenings of employees), and almost everywhere in between.

What is the SOC 2 Standard?

SOC 2 stands for the second of three System and Organization Controls (SOC) audits and reports that are critical to information security. The SOC 2 compliance standard was developed by the American Institute of CPAs (AICPA), a member network of more than 425,000 CPAs around the world. SOC 2 specifically assesses how your company manages customer data based on 5 Trust Service Principles: security, availability, processing integrity, confidentiality, and privacy. There are two types of SOC 2 reports, each requiring a different level of assessment:

SOC 2 Type 1:

Type 1 reports cover your company’s systems and controls, and whether the assessor believes you properly address all included Trust Service Principles. The assessment for Type 1 reports is conducted at a single point in time.

SOC 2 Type 2:

Type 2 reports also cover your company’s systems and controls, but additionally track the operational effectiveness of those systems and controls over a period of time. While Type 1 reports have their place and are still worthwhile, most companies place higher value in Type 2 reports, especially when making decisions about which vendors and partners to do business with.

Where Do We Start?

Standing up your company’s security program and marching towards SOC 2 audit-readiness can be a colossal task, regardless of your experience level. From policies, procedures, and best practices to testing and collecting evidence of each – the time and resources required stack up quickly – and it only grows more complex as your company grows in size (employees, assets, etc.).

Drata was built from the ground up to help take companies from day 1 through audit-ready and beyond. From initial policy creation, workflow management, and employee onboarding to control monitoring and evidence collection – no stone was left unturned. The mission is simple – help companies earn and keep the trust of their customers and prospects when it comes to securing their data. Get a demo today, and let’s put SOC 2 on autopilot.

Adam Markowitz
Adam Markowitz is the co-founder and CEO of Drata, a continuous security and compliance automation platform. Prior to Drata, Adam was the founder and CEO of Portfolium, an academic portfolio network for students and alumni to visually showcase their work and projects directly to employers, faculty, and fellow students/alumni. Portfolium was acquired by Instructure (NYSE:INST) in 2019. He also worked as an aerospace engineer designing, analyzing and testing liquid rocket engines for NASA’s next generation space launch vehicle as well as the Space Shuttle Main Engine. Adam earned a B.S. in Structural Engineering from UC San Diego and an M.S. in Astronautical Engineering from the University of Southern California.