SOC 2 implementation and report

A framework needed by service IT companies to stay competitive

The SOC 2 audit measures the effectiveness of your systems and processes based on the AICPA Trust Service Criteria and checks adherence to information security standards and rules including Common Criteria standards.


Trusted Service Criteria

Information and systems are protected against unauthorized access, disclosure of information, and damage to systems.
Information and systems are available for operation and usage to meet the objectives.
Processing integrity
System processing is complete, valid, accurate, timely, and authorized to meet the objectives.
Information designated as confidential is protected to meet the objectives.
Personal information is collected, used, retained, disclosed, and deleted to meet the objectives.

What is evaluated during the SOC 2 audit?  


Physical, IT, and other hardware such as mobile devices.


Applications and IT system software that supports application programs, such as OS and utilities.


All personnel involved in the organization’s operations.


All automated and manual procedures.


Transmission streams, files, databases, tables, and output used or processed by your organization.

Deliverables of SOC 2 implementation

SOC 2 implementation results in a report based on Attest Engagement under Section 101 of Attestation Standards. H-X Technologies provides audit reports specifically designed for technology service providers, SaaS companies, and organizations that store data in the cloud.

Types of SOC 2 report

SOC 2 report types

Type I – A Type 1 report is a snapshot: at the time the report was compiled, the organization had the appropriate controls that made it compliant with the SOC 2 standards. The report is a starting point for building the SOC 2 Type 2 compliance.

Type II – A Type 2 report is more difficult to attain, but it also assures much stronger compliance. The organization must demonstrate adherence to the controls and policies for a period of time, and that usually requires a degree of automation and a long-term commitment.

We will help you choose which type of report is right for you.

Check out our additional services and business cases. Send the form below to request the SOC 2 compliance. Get a free consultation.

Business cases of projects we completed

Audit of smart contracts and blockchain
Information security incident response and investigation
Managed security and compliance (ISO 27001, etc.)
Security analysis of software source code
Security assessment: audits and penetration tests
Security Operations Center cases