• SecurePath for Auto Dealers
  • Services
    • SOC Reporting Services
      • SOC 2® Readiness Assessment
      • SOC 2® Reports
      • SOC 3® Reports
      • SOC for Cybersecurity® Reports
    • IT Advisory Services
      • IT Vulnerability Assessment
      • Network Penetration Testing
      • Privileged Access Management
      • Social Engineering Testing
      • Virtual CISO (vCISO)
      • Written Information Security Program (“WISP”)
      • IT General Controls Audit & Compliance
    • IT Government Compliance
      • CMMC Cybersecurity Services & Compliance
      • DFARS Compliance
      • FTC Safeguards Compliance
  • Industries
    • Financial Services
    • Government
    • Auto Dealerships
    • Enterprise
  • Blog
  • About Us
    • Meet The Team
    • Jobs
  • Contact Us

Call us today! 844-OCD-TECH

Find our Location
OCD TechOCD Tech
  • SecurePath for Auto Dealers
  • Services
    • SOC Reporting Services
      • SOC 2® Readiness Assessment
      • SOC 2® Reports
      • SOC 3® Reports
      • SOC for Cybersecurity® Reports
    • IT Advisory Services
      • IT Vulnerability Assessment
      • Network Penetration Testing
      • Privileged Access Management
      • Social Engineering Testing
      • Virtual CISO (vCISO)
      • Written Information Security Program (“WISP”)
      • IT General Controls Audit & Compliance
    • IT Government Compliance
      • CMMC Cybersecurity Services & Compliance
      • DFARS Compliance
      • FTC Safeguards Compliance
  • Industries
    • Financial Services
    • Government
    • Auto Dealerships
    • Enterprise
  • Blog
  • About Us
    • Meet The Team
    • Jobs
  • Contact Us

New to SOC 2® or Preparing for a SOC 2®?

Home New to SOC 2® or Preparing for a SOC 2®?

Increase Customer Confidence and Peace of Mind with a SOC 2®

A SOC 2® assessment provides current and potential clients with the assurance that your organization is taking the necessary steps to protect their private information. 

This helps you gain new clients and retain existing ones thereby allowing you to focus on your business with the peace of mind that you are doing all you can to ensure that customer data is protected and secure.

Preparing for a SOC 2®

Document Policies & Procedures

Clients should document their IT security and HR policies and procedures.

Understand Governance & Oversight of IT Objectives

For example: Is there a board, committee, or leadership team that have regular periodic insight and governance over IT objectives, including when there are issues.

Document Risk Management

Document the Risk management process or program which outlines the periodic assessment of risk to the company, including IT and fraud. Documenting how risks are identified by: For example: the risk and vulnerability assessment processes.

AICPA System & Organization Control (SOC®) Report by Audit Service

SOC 2®
Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.
Learn More
SOC 3®
Trust Services Report for Service Organizations
Learn More
SOC for Cybersecurity®
A cybersecurity risk management report developed by the AICPA a framework that assists organizations as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs.
Learn More

SOC 2® Assessment and Report Types

SOC 2® Readiness Assessment

Time spent before the audit where OCD Tech identifies what processes and documentation the client has in place to meet the SOC 2® and the gaps where they don’t. The client is then responsible for remediating those gaps with OCD-Tech guidance. (1-6 months depending on the number of gaps and the clients availability to remediate them)

SOC 2® Type 1 Report

OCD Tech tests each of the processes identified by the client against the supporting policies and procedures and then prepares the supporting documentation. (About 2 weeks) The above is sent through a review process by a proofreader, QA, and CPA for review and sign off (up to 3 weeks).

SOC 2® Type 2 Report

The audit period is either 6 or 12 months. OCD Tech tests each of the processes identified by the client by reviewing evidence that the process occurred over the audit period. (testing is usually completed a month after the audit period) The above is sent through a review process by a proofreader, QA, and CPA for review and sign off (up to 3 weeks).

Find us on

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Send Message
OCD Tech logo Audit. Security. Assurance.

IT Audit | Cybersecurity | IT Assurance | IT Security Consultants – OCD Tech is a technology consulting firm serving the IT security and consulting needs of businesses in Boston (MA), Braintree (MA) and across New England. We primarily serve Fortune 500 companies including auto dealers, financial institutions, higher education, government contractors, and not-for-profit organizations with SOC 2 reporting, CMMC readiness, IT Security Audits, Penetration Testing and Vulnerability Assessments. We also provide dark web monitoring, DFARS compliance, and IT general controls review.

Contact Info

  • OCD Tech
  • 25 BHOP, Suite 407, Braintree MA, 02184
  • 844-623-8324
  • https://ocd-tech.com

Follow Us

Videos

Check Out the Latest Videos From OCD Tech!

Services

SOC Reporting Services
– SOC 2 ® Readiness Assessment
– SOC 2 ®
– SOC 3 ®
– SOC for Cybersecurity ®

IT Advisory Services
– IT Vulnerability Assessment
– Penetration Testing
– Privileged Access Management
– Social Engineering
– WISP
– General IT Controls Review

IT Government Compliance Services
– CMMC
– DFARS Compliance
– FTC Safeguards vCISO

Industries

  • Financial Services
  • Government
  • Enterprise
  • Auto Dealerships

© 2025 — OCD Tech: IT Audit - Cybersecurity - IT Assurance

  • OCD Tech
  • About Us
  • Contact Us