SOC 2 Plus Reports | What They Are and How They Work
Published by Robert Ramsay and Bryan Gayhart in SOC Reports, Video
There are a lot of different frameworks that can be applied to SOC reporting – and when you add a framework to your SOC 2 report, you’ve got a SOC 2 Plus. In this video, leading SOC reporting pros Robert Ramsay and Bryan Gayhart explain what a SOC 2 report is and how it differs from a SOC 1 report, as well as explore the various frameworks that can be applied based on your specific reporting needs.
It’s the latest in our SOC reporting video series, which you can watch on-demand on our YouTube channel. You may also be interested in our DIY SOC reporting series, packed with great tips and insights to help you streamline your SOC reporting process and reduce costs.
Or, download our SOC reporting FAQ, packed with the questions our top SOC reporting pros are asked most often. And when you’re ready for more, contact us to set up a free consultation with our SOC reporting team. As always, we’re here to help.
Hitting the highlights
Here are a few highlights from the information-packed nine-minute video:
SOC 2 Plus reports are on the rise, and in an era where more and more critical information is stored in the cloud, data security grows more important every day. So, what is a SOC 2 Plus report? It’s essentially a SOC 2 report with extra layers built in, like ISO 27001, NIST 800-53, HIPAA, HECVAT, and other frameworks. Right now, our SOC team is seeing about 10 to 20% of SOC 2 reports including these add-ons, and that number’s growing—especially among businesses that operate globally and need to meet broader compliance standards.
And good news – if you have an existing SOC 2 structure, those additional frameworks can be mapped to that existing structure, whether it’s in the opinion, system description, or even the control testing section of the report.