What tools have been most helpful to gather evidence for a SOC 2 audit?

CIO in Services (non-Government), 3 months ago

We have had good experience with https://tugboatlogic.com/blog/tag/soc-2-compliance-automation-software/ and moved other compliance workloads in at the same time.

Chief Information Security Officer, 3 months ago

Risk Cognizance acts as a central hub, automating and organizing evidence collection to simplify and accelerate the entire SOC 2 audit process. www.riskcognizance.com

Partner in Software, 7 years ago

Assuming you have some workloads in AWS, there are a number of good solutions. I have looked closely at Orkus (full disclosure that I recently was asked to become an advisor). StrongPoint is also one to consider for relevant business applications.

CIO, 7 years ago

For our SOC2 audit we are not using a 3rd party tool for documentation collection. We simply use Excel and a folder hierarchy.

ex-CIO, 7 years ago

The right person with knowledge and skills in dealing with audits and auditors is more important than which tools to use. The bonus is that the 'right person' will probably know which tools are best suited to what audit.  My opinion only...
