SOC 2 Compliance

Help for Small Business

SOC 2 Type 1&2

What is SOC 2?

SOC 2 stands for Systems and Organization Controls 2 (SOC 2). There are 3 levels of SOC: SOC 1 (for Financial), SOC 2 (for Security), and SOC 3 (for Summary of SOC 2 for General Use). SOC 2 is the standard developed by the American Institute of CPAs (AICPA) and is based on Cybersecurity Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. SOC is most applicable to Software Organizations, SaaS companies, Cloud Hosting Services, Healthcare Technology, and more.

Core Business Solutions assists small businesses in setting up and maintaining SOC 2 Compliance. We also assist in getting you prepared for Certification by an independent CPA.


SOC 2 Compliance Consulting

Achieving SOC 2 compliance is time-consuming and complex. We are here to help.  Our process includes a dedicated SOC 2 expert consultant to walk you through each step of preparation.  The certification audit is conducted by an independent CPA firm. We get you ready and can refer you to an independent auditor once complete.

How Long Does it Take to Prepare for SOC 2?

It takes approximately 6 months to prepare for your SOC 2 certification audit.  SOC 2 Type 1 covers the design of controls, the definition of the system including a detailed description, and all important documents by the AICPA governance.

What does SOC 2 Type 2 Include?

SOC 2 Type 2 includes the determination of the operating effectiveness of the system implementation and looks back at a specific period, such as 12 months.  In SOC 2 Type 2 the controls are mapped to the AICPA guidelines. A detailed review of the documentation that supports the controls is conducted to ensure proper system implementation and system effectiveness.

Core provides dedicated training for your staff to prepare for the SOC 2 audit. The controls will be explained to the staff, along with how their jobs impact the operating effectiveness of the system security.

SOC 2 Description of Service Consulting

Once preparation is complete, an independent CPA issues a report to attest that the organization complies with SOC 2 system security. Core will assist in drafting the sections in the SOC 2 Report that contain the Description of Service (DoS). Your organization is supposed to write the DoS section of the report, which is complex. Core Business Solutions also provides this service to assist in a successful certification audit.

Your customers expect that the SOC 2 security status is up to date; therefore, this requires an annual review and update of all controls, documentation, and the report.

What about the ISO 27001 Standard?

The ISO 27001 standard may be a better fit for your organization than SOC 2. We have an article that explains the differences. Check out the article titled SOC 2 or ISO 27001? Understanding The Difference.



Related Standards

We also provide consulting support for companies seeking multiple certifications (such as ISO 9001 and CMMI) through an Integrated Management System.


ISO 9001

Quality Management Systems

ISO 27001

Information Security Management Systems


Capability Maturity Model



For more information about ISO certification for SOC 2 Compliance, please call our consulting office at:

866-354-0300 or contact us online.