A SOC 2 audit evaluates internal controls, policies, and procedures that directly relate to the AICPA’s Trust Services Criteria (TSC).

What are the SOC 2 Trust Services Criteria (TSC).

SOC 2 has 5 Trust principles :-



A SOC 2 audit report is designed to provide assurance to service organizations’ clients, management and user entities about the suitability and effectiveness of the service organization’s controls that are relevant to security, availability, processing integrity, confidentiality and/or privacy.



  • Type 1 – an audit and report which basically evaluates the Test of Design (ToD) of the processes in place in the organization without getting into testing the effectiveness of the controls.
  • Type 2 – an audit and report which checks not only the ToD but also assesses the effectiveness of the controls over a period of time - usually a minimum of six months.


  • An opinion letter
  • Management assertion
  • A detailed description of the system or service
  • Details of the selected trust services categories
  • Tests of controls and the results of testing; and
  • Optional additional information

It also specifies whether the service organisation complies with the AICPA TSC.



Our structured approach helps us to easily determine the applicable list of risks and controls that are required to achieve SOC 2 attestation. This ensures that your organisation has adequate ‘internal controls’ over applicable security criteria, to assure any Certified Public Accountant (CPA) for issuance of SOC 2 reports.



  • Provides a recognized attestation of the effectiveness of your organization’s controls relating to security, availability, confidentiality, processing integrity and privacy;
  • Is tailored to your organization’s core business objectives and requirements;
  • Establishes trust with clients, investors and the board of directors by providing an independent audit;
  • Identifies and corrects inefficiencies;
  • Expands your business capabilities to the public sector;
  • Provides transparency into how your organisation controls and manages risk;
  • Reduces overall organizational and cyber risk;
  • Improves cyber resilience;
  • Lowers the cost of cyber insurance premiums; and
  • Reduces impact and response times from incidents.


VISTA InfoSec Information Security Specialists are senior-level experts, holding certifications such as CISSP, CISA, and CRISC to help you maintain SOC 2 compliance. We have till date delivered more than 50+ SOC 2 reports per year through our organization. Audits and consulting is provided by qualified experts, not just in strategy from a mile high vantage point but actually at the ground level. We have a dedicated team of technical experts who can guide your team right from designing effective networks to designing group policies and assessing your specialized hardware such as WAF, NAC, WIPS, IDS, Firewalls, DAM, MDM, etc… coupled with our strict “No Product Sales” policy, ensures that your organization gets the right advice from the right people. Cherry on the cake is CxO dashboard provided at no extra cost – this helps reduce the complexity of compliance efforts, and gives our clients the ability to track multiple compliance assessments, upload evidence and automate workflow all in real time. We’ve spent over a decade honing this tool so that clients can enjoy the flexibility of tracking the progress anytime anywhere. Connect with us today to learn about the time it takes to complete your SOC 2 audit and understand the approach and cost of receiving a SOC 2 report.