This is assuming you are starting from scratch and covering only SOC 2 Security Criteria and not Availability, Confidentiality, Processing Integrity, and Privacy Criterias. This is also assuming that you will go for the SOC2 Type 2 Report in 12–18 Months. The Benefits of SOC2 Establishing a third party opinion…

Procedures are created and implemented with the sole intention to be read and used by the user community. Always keep the audience in mind when writing procedures. Write the procedure to reflect this level of technology. Every department has its own language. …

Sample of possible population lists from an auditor List of all in-scope application code changes related to in-house development applications that have occurred during the review period List of all network related changes to firewall and/or router rule set configurations that have occurred within the in-scope environment during the review…

[ ] Annual Meetings [ ] Background Check Process [ ] Employee Handbook [ ] Employees Acknowledgement [ ] Documented Charter [ ] Performance Reviews [ ] Organizational Chart [ ] Confidentiality Agreement [ ] Established Defined Roles [ ] Job Descriptions Documented [ ] Job Descriptions Maintained [ ]…

This is assuming there isn’t any certifications or audits completed for the organization. 3 Months Create a ISMS Policy and Define ISMS Scope Complete 27001 Gap Analysis Build a Policy Portal Develop new policies required from the 27001 Gap Analysis Develop procedures to enact the policies requirements Research and Select…