Achieving SOC 2 Type 2 compliance is no easy feat. We’d liken reaching the end of the audit period to crossing the marathon finish line to win Olympic gold. Only instead of that heavy medal and your country’s flag slung around your shoulders, your company is now the proud owner of a shiny, hard-earned SOC 2 report… with zero exceptions.
The road to “security glory” is where champions are made. But before we dive into what it takes to become a legend, a little explanation of SOC 2…
What is SOC 2?
The Service Organization Control 2, commonly known as SOC 2, is a set of criteria and an accompanying audit procedure for service providers managing customer data. The criteria defined by SOC 2 are based on five principles – security, availability, processing integrity, confidentiality, and privacy.
Under the governance of the American Institute of Certified Public Accountants (AICPA), a service organization undergoes a rigorous audit by an accredited third party annually to verify its adherence to the required policies and procedures.
Did we mention there are two types of reports? SOC 2 Type 1 and SOC 2 Type 2 – with Type 2 being the more rigorous of the two audits.
As a company helping customers with cloud data security and data governance, it is safe to say Cyral takes security pretty seriously. For us, it was SOC 2 Type 2 or bust, and there were a few key principles that got us to security gold.
Principles to live by on the road to SOC 2 Type 2 gold
Steady work over time. Before you embark on your SOC 2 Type 2 journey, understand that it is in fact a journey. The gold standard of security is not easily won and your organization will need to put in the work. At Cyral, we live and breathe security; it is baked into the fibers of who we are. Daily dedication to providing our customers with a means to secure their own data cloud fuels our passion to run our own shop accordingly.
World-class instincts. To our point above – we live and breathe security. We are helping our customers stay secure AND securing our own organization. That means holding ourselves to a world-class standard, where only the best will do. SOC 2 is recognized worldwide as the foremost standard in security compliance, and we aim for nothing less.
Composure under pressure. It can be daunting staring down the list of controls you will need to comply with in order to win the coveted SOC 2 Type 2 compliance. Not to mention the road to victory is long. Staying composed under the pressure is critical to crossing the finish line.
Teamwork makes the dream work. Champions are not made in isolation. At Cyral, we believe in our team and community. When it came time to chase SOC 2 Type 2 compliance, we knew we’d need to bring in the amazing support of experts to supplement our talented internal Security team. With the help of Vanta, who not only aided in SOC 2 readiness, but will provide continuous automated security and checks throughout the year, we were ready to hit the ground running with the audit team.
Work for a bigger purpose. One of our core values here at Cyral is to build community. We strive to build community for our team members, customers, and partners, while also giving back to the security community at large. We would be remiss not to hold ourselves up to the highest standards set by this community and participate. SOC 2 truly is the gold standard for security compliance and we are thrilled to have conquered such an achievement.