SOC 2 Reports for Security and Trust
SOC 2 is the AICPA assurance framework built on the Trust Services Criteria. Basenorm centralises your SOC 2 programme across security, availability, confidentiality, processing integrity and privacy, with evidence collected continuously and an auditor-ready workspace.
Trust Services Criteria and Scope
Select applicable Trust Services Criteria, define the service scope and document the system description with boundaries and subservice organisations.
- Security (Common Criteria) as the required category
- Optional availability, confidentiality, processing integrity and privacy
- System description and scope boundaries
- Subservice organisation treatment and CUECs
- Alignment with ISO 27001 and NIST CSF
Type 1 vs Type 2 Comparison
- Type 1: point-in-time assessment, single date
- Type 2: observation period, 3-12 months
Type 1 and Type 2 Evidence
Collect design and operating effectiveness evidence throughout the observation period, with automated integrations from cloud platforms and SaaS applications.
- Type 1 as-at-a-date assessment
- Type 2 over the observation period
- Automated evidence from cloud, identity and tooling
- Sampling, testing and exception management
- Readiness scoring and gap tracking
Auditor Collaboration and Continuous Compliance
Work with your CPA firm through a structured workspace and maintain continuous compliance between SOC 2 engagements for a smoother next cycle.
- Structured request lists and deliverables
- Exception tracking and remediation
- Management assertion and system description
- Cross-mapping with ISO 27001, NIST and HIPAA
- Continuous readiness between cycles
Auditor Evidence Package
- Control Tests: Sampled
- Evidence Samples: Collected
- Exceptions: Documented
- Audit-Ready: All evidence packages complete
Ready to run SOC 2 continuously?
Join service providers using Basenorm to operate SOC 2 as a continuous programme, with mapped controls, automated evidence and an auditor-ready workspace.