What Are the Top Policies and Procedures Needed for a SOC 2 Audit?

SOC 2 examinations are based on the AICPA’s Trust Services Criteria (TSC). The TSC require an organization to document its security and operational policies, procedures, and processes so that compliance is consistent. For your convenience, A-LIGN has compiled the top twelve policies and procedures for any service organization to establish when undergoing a SOC 2 examination.


KEY POINTS

01. As part of all SOC 2 examinations, the auditor reviews whether an organization has formally documented policies and procedures relating to its information security program.

02. This guide compiles the top twelve policies and procedures for any service organization to establish when undergoing a SOC 2 examination.