I’m normally a “to each his own” guy but have to say I strongly disagree with a lot of these comments. First of all, you absolutely can do it as a solo entrepreneur - I just completed SOC 2 for the second time - this one being solo. Yes, you have to be creative with how you set up checks and balances, but it’s not impossible. Also, SOC 2 Type 2 is an auditor verifying that you’re actually carrying out the processes that you claimed to do in Type 1.

So how do you start? You start with Type 1. I doubt you could get it under $20k but that’s the ballpark. Personally I’d recommend Vanta, which will hold your hand through at least half the process. And Vanta support will recommend auditors who typically cut their rate in half because Vanta does so much of the work.

Is it worth it? No way I could answer that for you. Personally I’d say half of SOC 2 is kinda bull crap and half of it is really good healthy processes. It’s definitely a commitment to get through the first audit, but after that it’s more like 1-2 weeks of work every year. Any decent auditor will understand you’re new to the process and will coach you through it. Their goal is for you to have a good audit, so they will literally tell you what needs to be done ahead of time.

I feel weird evangelizing it like this ’cause I’m not like a big fan, but we absolutely have clients that wouldn’t be customers if we didn’t have SOC 2. Yeah, it can be a warm and fuzzy for IT groups, but that’s sales, right? My experience is once you have SOC 2 Type 2, the IT approval process is far more streamlined. Not saying you should or shouldn’t, but don’t dismiss it.