Audit Day. The day you and your company have been preparing for has finally arrived. To paraphrase everyone’s favorite Titan who did no wrong, “Dread it. Run from it. SOC 2 arrives all the same.”
From herding all the cats to making sure everyone actually has some sort of antivirus (AV) installed on their computers (nowadays AV like Avast and AVG spy on your browser history and sell your data instead of detecting viruses and malware), owning and implementing controls feels like you’re running a marathon.
That’s why we came up with this mnemonic to help you quickly recall each of the Trust Services Criteria (or Trust Services Principles) whenever you’re discussing their respective controls with your auditor or trying to flex at a dinner party.
SAPCP: SOC 2 Always Pains Compliance Professionals
Here is a brief, one-sentence question in layman’s terms summarizing each TSC (and check out the AICPA’s latest 63-page guide on the TSCs if you want to get your nerd on):
Now, we don’t know if compliance professionals actually find SOC 2 prep work and audits painful, but we do know that you’ll know the TSCs like the back of your hand (and instantly recall them during Trivia Night or on the next episode of Jeopardy).