SOC 2 Type 2 Compliance Checklist

1. Identify and document the services in scope for the SOC 2 audit
2. Define the Trust Services Criteria relevant to the in-scope services
3. Assign resources responsible for each criterion
4. Develop a system description and process flow
5. Identify, review and document existing controls
6. Evaluate the effectiveness of the controls
7. Identify and document the risks related to the services and criteria
8. Design new or modify existing controls as necessary
9. Implement controls that are not yet in place
10. Approval: Control Implementation
11. Document the implementation and operation of the controls
12. Compile and manage the evidence required for each control
13. Conduct ongoing internal audit and control activities
14. Approval: Internal Audit Results
15. Remediate any issues detected during the internal audit
16. Prepare and review final report documentation
17. Engage with the external SOC 2 auditor
18. Approval: External Auditor Engagement
19. Support the external auditor during the audit cycle
20. Review, accept, and share the final SOC 2 report