Type 1 or Type 2?
There are two types in the SOC 2 standard. Type 1 is focused on ensuring that adequate controls are in place at a specific point in time.
Type 2 builds upon this by verifying that those controls are effectively operated over a period of time.
Typically businesses will aim to meet the Type 1 standard, then move to Type 2. All of the time and effort invested in Type 1 is leveraged in Type 2.
Align or Achieve?
Aligning your security practice with a standard like SOC 2 involves making sure your business adheres to the many component parts of the standard.
It may suit your business to complete the work of aligning to the standard without an external audit, or you might decide it is important to go a step further and engage an auditor to provide external assurance of your alignment to the standard. Either way, you'll need a clear plan to identify and implement all that's required.
Where does Swise fit?
Swise Security Projects are how teams manage their SOC2 alignment tasks.
Swise security experts have mapped out exactly what's involved, task by task, in aligning with SOC2 (Type 1 and 2) and Swise Projects present this in the form of a collaborative task board packed with templates, tips and helpful advice.
Swise is great for teams who want to manage their security journey alone, or with support from external security experts and auditors.
