Resources
Everything you need to know
Company
Security and customers first
Close

Request a demo

Find out today the difference that Hicomply’s unique solution can make to your business.

Close

Thank you for your request

Success

In the meantime, connect with Hicomply for insights on authentication and fraud prevention

Close

ROI Calculator

See how much you could save with Hicomply

Hicomply feature Yearly saving
Automated scoping Easily scope your ISMS with the Hicomply platform
Asset register autogeneration A shorter learning curve for organisations and a simplified process
Risk assessment Autogenerate your risk register and risk treatment plan
Extended policy templates 90% of the essential are already written out of the box
Controls framework All controls are pre-loaded and already linked to the risks they mitigate
Task management Automate all actions, administration and setup time of your ISMS
Real time monitoring Understand status and progress across your ISMS with the Hicomply dashboard
Compliance & Training Your whole team, on the same page
Audit readiness Hicomply makes sure you have everything in place for your audit
Auditor access Give auditors a dedicated login to access and audit your ISM
Back to Resource Hub

SOC 2 Compliance Checklist (2022)

Naturally, there’s a lot of preparation involved in ensuring your organisation is ready for a SOC 2 Type 2 audit. We’ve condensed the process into a handy SOC 2 compliance checklist you can use to measure your organisation’s SOC 2 preparedness.

If you need a version of our checklist to keep and update, you can also download the PDF:
Download the SOC 2 Compliance Checklist

SOC 2 Compliance Checklist

  • Does your SOC 2 report need to address:
    • Security
    • Availability
    • Confidentiality
    • Privacy
    • Processing integrity
  • Define organisational structure
  • Designate authorised employees to develop and implement policies and procedures
  • Establish working committees
  • Implement background screening procedures
  • Establish workforce conduct standards
  • Ensure clients and employees understand their role in using your system or service
  • Effectively communicate system changes to the appropriate personnel in a timely manner
  • Define your organisation’s policies and procedures relevant to the selected Trust Services Criteria
  • Undertake SOC 2 gap analysis
  • Implement necessary policies and procedures identified by gap analysis
  • Test and validate new policies and procedures
  • Perform a risk assessment
    • Identify potential threats to the system
    • Analyse the significance of the risks associated with each threat
    • Develop mitigation strategies for those risks
  • Conduct regular fraud risk assessments
  • Perform regular vendor management assessments
  • Undertake annual policy and procedure review
  • Implement physical and logical access controls
  • Limit access to data, software, functions, and other IT resources to authorised personnel based on roles
  • Restrict physical access to sensitive locations to authorised personnel only
  • Implement an access control system
  • Implement monitoring to identify intrusions
  • Develop and test incident response procedure
  • Update software, hardware, and infrastructure regularly as necessary
  • Execute a change management process to address flaws in controls
  • Establish and identify backup and recovery policies
  • Establish and identify how are you addressing environmental risks
  • Test and record your disaster recovery plan
  • Ensure data is being processed, stored, and maintained accurately and in a timely manner
  • Protect confidential information against unauthorised access, use, and disclosure
  • Identify your documented data retention policy.

Be sure to bookmark the Hicomply blog for the latest ISMS and wider data security news and research. Alternatively, book a product demo today to find out how Hicomply can help secure your company’s vital information.

More Resource Hub

ISO27001
SOC 2 Policies and Procedures
ISO27001
What Is The NHS Data Security and Protection…
ISO27001
Whitepaper | How To Choose The Best Information…