Welcome to part three of SOC 2 Bootcamp, covering everything involved in evidence collection! Quick Bootcamp recap—we borrowed Bluth Company and Associates from Arrested Development. Monica works for Bluth Company and is getting their SaaS product, Banana Stand, SOC 2 compliant.
In SOC 2 Bootcamp Part 1: Scoping and Auditor Selection, the Bluth Company kicked off its SOC 2 journey. Monica got internal buy-in, selected an auditor, defined Trust Service Categories, completed scoping and wrote the company's Service Organization’s Description of Controls.
The second webinar, SOC 2 Bootcamp Part 2: Policies and Controls, focused on the meat of SOC 2, the policies and controls. We dove into a handful of policies required for SOC 2, what’s involved and the necessary controls to stay compliant.
This third webinar is all about collecting evidence to show you’re compliant with your controls and policies.
Again, we’re taught by Jitendra Juthani, InfoSec risk and compliance expert at Tugboat Logic! He assists Monica and Bluth Company through evidence collection both manually