You successfully completed the SOC 2 audit process, and now you have a report in hand. But why stop there? You’re also well on your way to achieving other important compliance milestones.
You Earned
a SOC 2 Report.
You’re Close to Earning Your Next Cybersecurity Compliance Certification
Contact us
Congratulations!
See what’s next
What’s next?
Click on any that apply to find out more.
If you need to publicly show your commitment to cybersecurity…
SOC 3
Learn more
If you want to maintain the security of your environment…
Learn more
Penetration Testing and Vulnerability Scans
If you do business internationally
(or work with international vendors)…
Learn more
ISO 27001
If you process, store, or transmit PII for EU residents…
Learn more
GDPR
If you do business in California…
Learn more
CCPA
If you handle patient data…
Learn more
HIPAA
If you handle credit card data…
If you handle financial data…
Learn more
SOC 1
Learn more
PCI DSS
If you do business with the Department of Defense…
If you are a cloud service provider and do business with the government…
Learn more
FedRAMP, FISMA and StateRAMP
If you are a vendor or plan to do business with Microsoft…
Learn more
Microsoft
SSPA
If you are a cloud service provider…
Learn more
CSA STAR
Learn more
CMMC,
NIST SP 800-171
A-LIGN’s A-SCEND platform makes it easy to automate your compliance audit preparation and complete multiple audits simultaneously. A-SCEND’s Crosswalk dashboard streamlines the evidence collection process for any audit and automatically tracks how close you are to completing additional certifications based on previous evidence requests issued through A-SCEND. The Crosswalk makes it easy to see how you can repurpose existing evidence and apply it to additional certifications — saving your company time and freeing up valuable resources.
The A-SCEND Crosswalk
Get a demo today
The A-LIGN team is ready to assist you with any of your cybersecurity and compliance needs. Complete the contact form and our team will reach out within 24 hours.
Talk to an Expert
A-LIGN’s A-SCEND platform makes it easy to automate your compliance audit preparation and complete multiple audits simultaneously. A-SCEND’s Crosswalk dashboard streamlines the evidence collection process for any audit and automatically tracks how close you are to completing additional certifications based on previous evidence requests issued through A-SCEND. The Crosswalk makes it easy to see how you can repurpose existing evidence and apply it to additional certifications — saving your company time and freeing up valuable resources.
If you need to publicly show your commitment to cybersecurity...
SOC 3
A SOC 3 report is a scaled-down, public-facing version of the SOC 2 report. It’s essentially a summary of all the SOC 2 information but presented in a way that’s significantly more digestible and fit for public consumption. A SOC 2 report contains confidential information and is “restricted use,” meaning only certain parties will be granted access to the report after signing a non-disclosure agreement (NDA). A SOC 3 report is a perfect piece of marketing collateral to share publicly on your website or distribute to prospective customers. This public report showcasing your organization’s commitment to cybersecurity will help your business drive revenue and scale faster. Note that a SOC 3 cannot be completed without first completing a SOC 2 audit.
SOC 2
SOC 3
If you’ve earned a full-scope SOC 2 report, you’ve completed 100% of
a SOC 3 report.
Next Steps
If you’ve already completed a SOC 2 audit, you’re well on your way to a SOC 3 report. In fact, many organizations choose to complete both reports simultaneously.
Learn More
or
Get Started
Learn More
Get Started
Next Steps
You’ve already fine-tuned your systems and processes through a SOC 2 audit. Now, engage with the team of certified penetration testers at A-LIGN to ensure your systems will remain secure when it matters most.
or
If you want to maintain the security of your environment...
Penetration Testing and Vulnerability Scans
Breach tactics are constantly evolving as hackers get more sophisticated and continue to uncover more vulnerabilities across the internet. And the consequences are severe — from regulatory fines to reputational damage, the average cost of a data breach has climbed to an all-time high of $4.35 million. As a best practice, all organizations should conduct regular vulnerability scans and penetration (pen) tests to identify risk areas and double-check the reliability of technologies and systems. One pen test per year will help you achieve and maintain SOC 2 compliance and quarterly vulnerability scans will ensure your environment is protected against newly discovered vulnerabilities on an ongoing basis. It’s best to integrate both techniques into your workflow. A dedicated effort to ongoing testing and scanning provides a layer of assurance for your organization and will potentially save you millions of dollars in data breaches.
Breach tactics are constantly evolving as hackers get more sophisticated and continue to uncover more vulnerabilities across the internet. And the consequences are severe — from regulatory fines to reputational damage, the average cost of a data breach has climbed to an all-time high of $4.35 million. As a best practice, all organizations should conduct regular vulnerability scans and penetration (pen) tests to identify risk areas and double-check the reliability of technologies and systems. One pen test per year will help you achieve and maintain SOC 2 compliance and quarterly vulnerability scans will ensure your environment is protected against newly discovered vulnerabilities on an ongoing basis. It’s best to integrate both techniques into your workflow. A dedicated effort to ongoing testing and scanning provides a layer of assurance for your organization and will potentially save you millions of dollars in data breaches.
Learn More
Next Steps
There is a lot of overlap in SOC 2’s Trust Services Criteria and the controls required to create an ISMS through ISO 27001. Sign up for a pre-assessment today and find out how close you are to achieving an ISO 27001 certification.
SOC 2
ISO 27001
If you’ve earned a full-scope SOC 2 report, you’ve already completed 58% of your ISO 27001 requirements.
If you do business internationally (or work with international vendors)...
ISO 27001
SOC 2 and ISO 27001 are two of the most popular cybersecurity assessments that organizations pursue. While they are similar in many ways, there are a few distinct differences — particularly in the structure of each assessment. SOC 2 is structured around five Trust Services Criteria (TSC) whereas ISO 27001 is a certification audit that focuses on the development and maintenance of an Information Security Management System (ISMS), which is an overarching method of managing data protection services. Another key difference — and the reason you’d want to pursue an ISO 27001 certification after completing a SOC 2 audit — is that ISO/IEC 27001:2013 is an international standard. It’s used as the principal cybersecurity standard throughout the world, unlike SOC 2 which is an American-born standard. If you do business internationally, it’s essential to earn an ISO 27001 certificate in addition to your SOC 2 audit.
Learn More
Next Steps
Your A-LIGN team is already well-versed in your organization’s cybersecurity policies and procedures and has analyzed a collection of evidence to support the findings in your SOC 2 report. Now, A-LIGN can take that evidence and compare it against GDPR standards.
If you process, store, or transmit PII for EU residents...
GDPR
Another consideration for businesses that work with customers within the European Union (EU) or collect data of EU residents, is GDPR (General Data Protection Regulation). GDPR is a law that aims to enhance the protection of personal data for residents of the EU. If your business processes, stores, or transmits personally identifiable information (PII) from EU residents, compliance is essential. In fact, non-compliance may cost your business millions of dollars in fines and impact your ability to operate in the European Economic Area (EEA) and EU Member States. While there isn’t a formal “certification” process to become GDPR compliant, organizations must undergo an assessment to analyze existing policies and practices against GDPR standards.
Learn More
Next Steps
While the SOC 1 audit process is different from the SOC 2 process, you can continue to work with the same team at A-LIGN who helped you along your SOC 2 journey to maintain continuity and build upon your established relationship.
If you handle financial data...
SOC 1
Any enterprise that handles, processes, stores, or transmits financial data — especially those whose actions affect financial reporting — should pursue a SOC 1 audit. SOC 1 is relevant for payment processors, collections organizations, benefits administrators, or SaaS MSPs that process financial statements. The audit is more specific than a SOC 2 audit and evaluates internal controls your organization has in place to protect a client’s financial data. If you handle customers’ financial data, a SOC 1 report is a must-have to scale your business. In fact, your clients and stakeholders may require it. With a completed report in hand, you can prevent costly delays in converting prospects and scale your business.
If you’ve recently earned a full-scope SOC 2 report utilizing A-SCEND, Information Technology General Controls were already covered in your SOC 2 for your in-scope system. This means you’re well on your way to a SOC 1 report!
Learn More
Next Steps
With a full-scope SOC 2 report in hand, you’ll already meet a significant number of criteria required for PCI DSS compliance. A-LIGN can expand upon your SOC 2 efforts to help you achieve PCI DSS compliance, too.
SOC 2
PCI DSS
If you’ve earned a full-scope SOC 2 report, you’ve already completed 34% of your PCI DSS requirements.
If you handle credit card data...
PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements for both merchants and service providers that transmit process, store, or affect the security of cardholder data. The standard has a much more specific focus than that of SOC 2, as the requirements are specifically meant to ensure the protection of cardholders’ personal information. Compliance is mandated by the Payment Card Brands and enforced upon merchants by their acquirer bank. The PCI DSS requires organization engaging in 3rd Party Service Provider relationships to validate and monitor the compliance status of those vendors. For most entities, this means that without a Report on Compliance (ROC) and an Attestation of Compliance (AOC) from a Qualified Security Assessor (QSA), your organization will have trouble acquiring new customers and merchants could pay hefty fines from their bank.
Learn More
Next Steps
Many of the requirements related to HIPAA compliance are the same as those evaluated in your SOC 2 audits — making this an easy add-on to your SOC 2 efforts. Also, all the HIPAA safeguards are included within a HITRUST Certification.
SOC 2
HIPAA
If you’ve earned a SOC 2 report, you have submitted 90% of your HIPAA compliance requirements.
If you handle patient data...
HIPAA
HIPAA (Health Insurance Portability and Accountability Act) is a federal law requiring organizations to keep patient data secure. If your organization stores, process, or transmits electronic protected health information (ePHI), you must be HIPAA compliant (or face harsh financial penalties!). On the road to HIPAA compliance, an auditor will evaluate your systems against a set of HIPAA safeguards. You’ll then be issued a report acknowledging your level of HIPAA compliance. With a report in hand, you can demonstrate the proper compliance levels to prospects and regulators — which allows you to gain new customers and avoid hefty fines. The two common ways to demonstrate HIPAA compliance are within a SOC 2+HIPAA Attestation report, performed by a CPA firm; or within a HITRUST Certification, performed by an approved HITRUST External Assessor.
Learn More
Next Steps
You’ve already completed your SOC 2 audit, now it’s time to ensure you comply with California’s state standards. Contact A-LIGN to continue growing your business in the state of California.
If you do business in California...
CCPA
If you do business in the state of California, you’ll need to also undergo the CCPA (California Consumer Privacy Act) certification. In 2018, California passed the CCPA to secure several privacy rights for California consumers. Earning this certification in addition to your SOC 2 report will be necessary to ensure your organization is protecting the sharing, transmission and storage of consumer data for California residents.
Learn More
Next Steps
Adding CMMC and NIST 800-171 to your compliance portfolio will elevate your cybersecurity posture and ensure you’re able to do business with the DoD. After completing your SOC 2 report, CMMC and NIST 800-171 might be closer than you think!
If you do business with the Department of Defense...
CMMC, NIST SP 800-171
If you’re working with the Department of Defense (DoD), a SOC 2 alone is not enough to provide your organization’s cybersecurity compliance. The Cybersecurity Maturity Model Certification (CMMC) was developed by the DoD to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks. For organizations that handle Controlled Unclassified Information (CUI) or Covered Defense Information (CDI), NIST 800-171 compliance is essential.
If you are a vendor or plan to do business with Microsoft...
Microsoft SSPA
If you work with Microsoft, it’s imperative to demonstrate that your security and privacy considerations are up to their standards. Microsoft requests that all vendors who collect, store or process customer, partner or employee information meet the requirements within the Supplier Security and Privacy Assurance Program (SSPA). Earning Microsoft SSPA will ensure your Microsoft supplier access stays active and business operations are uninterrupted. This certification in addition to your SOC 2 will accelerate your revenue and market growth, and helps differentiate your business.
Learn More
Next Steps
With your full-scope SOC 2 report in hand, your Microsoft SSPA certification is on it’s way to completion. As a Microsoft Preferred Assessor, A-LIGN has the experience needed to address any of your Microsoft SSPA needs.
SOC 2
Microsoft SSPA
If you’ve recently earned a full-scope SOC 2 report, you’ve already completed 60% of your Microsoft SSPA requirements.
Learn More
Next Steps
As an accredited FedRAMP 3PAO (Third Party Assessment Organization) and one of the top FedRAMP assessors in the world, A-LIGN helps organization achieve both FedRAMP and StateRAMP Ready status and full authorization as well as FISMA compliance.
SOC 2
FedRAMP
If you’ve earned a SOC 2 report, you’ve completed 15% of your FedRAMP and 15% of your FISMA requirements.
If you are a cloud service provider and do business with the government...
FedRAMP, FISMA and StateRAMP
To work with the Federal government, organizations must prove their commitment to cybersecurity. And unfortunately, a SOC 2 report alone won’t cut it. As a CSP, you’ll win more business and stand out from the competition with FedRAMP Ready status or ATO (Authority to Operate). FedRAMP is specifically for cloud products and services used by federal agencies to store, process and transmit federal information in the cloud.
If you’re working with State, Local and Educational (SLED) government agencies,
it will be increasingly necessary to earn StateRAMP certification to store, process and transmit SLED information in the cloud.
FISMA (Federal Information Security Modernization Act) is not a standard: it is a United States federal law requiring federal agencies to develop, document, and implement an agency-wide program to provide information security for the information and systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other sources. Adding FISMA compliance to your SOC 2 will ensure your organization is meeting the standards and requirements of an agency’s cybersecurity program.
FISMA
Learn More
Next Steps
As a CSA STAR assessor, A-LIGN can help ensure your organization is included on the CSA STAR registry with an attestation. With your full-scope SOC 2 report, you’re close to earning your CSA STAR attestation!
If you are a cloud service provider...
CSA STAR
CSA STAR (Cloud Security Alliance Security Trust Assurance and Risk Registry) assessments use an assurance framework that enables cloud services providers to assess cloud-specific controls within their existing compliance program. Adding CSA STAR to your SOC 2 assessment is a well-recognized way to demonstrate your organization’s capabilities and maturity surrounding your cloud security controls. Undergoing the CSA STAR audit also validates that your organization takes measures to demonstrate your security capabilities, and provides peace of mind for new and existing customers that their information is protected.
You successfully completed the SOC 2 audit process, and now you have a report in hand. You have secured your systems and information and are driving additional revenue with your demonstrated commitment to cybersecurity.
But why stop there? As a benefit to the successful completion of a SOC 2 audit, you’re also well on your way to achieving other important compliance milestones.
Contact Us
If you want to maintain the security of your environment...
Penetration Testing and Vulnerability Scans
Learn More
Get Started
Next Steps
There is a lot of overlap in SOC 2’s Trust Services Criteria and the controls required to create an ISMS through ISO 27001. Sign up for a pre-assessment today and our experts can tell you how close you are to achieving an ISO 27001 certification.
If you do business internationally (or work
with international vendors)...
ISO 27001
SOC 2 and ISO 27001 are two of the most popular cybersecurity assessments that organizations pursue. While they are similar in many ways, there are a few distinct differences — particularly in the structure of each assessment. SOC 2 is structured around five Trust Services Criteria (TSC) whereas ISO 27001 is a certification audit that focuses on the development and maintenance of an Information Security Management System (ISMS), which is an overarching method of managing data protection services. Another key difference — and the reason you’d want to pursue an ISO 27001 certification after completing a SOC 2 audit — is that ISO/IEC 27001:2013 is an international standard. It’s used as the principal cybersecurity standard throughout the world, unlike SOC 2 which is an American-born standard. If you do business internationally, it’s essential to earn an ISO 27001 certificate in addition to your SOC 2 audit.
If you’ve already completed a SOC 2 audit, you’re well on your way to a SOC 3 report. In fact, many organizations choose to complete both reports simultaneously.
or
SOC 2
ISO 27001
If you’ve earned a full-scope SOC 2 report utilizing A-SCEND, you’ve already completed 58% of your ISO 27001 requirements.
Learn More
Get Started
Next Steps
Your A-LIGN team is already well-versed in your organization’s cybersecurity policies and procedures and has analyzed a collection of evidence to support the findings in your SOC 2 report. Now, A-LIGN can take that evidence and compare it against GDPR standards.
or
Another consideration for businesses that work with customers within the European Union (EU) or collect data of EU residents, is GDPR (General Data Protection Regulation). GDPR is a law that aims to enhance the protection of personal data for residents of the EU. If your business processes, stores, or transmits personally identifiable information (PII) from EU residents, compliance is essential. In fact, non-compliance may cost your business millions of dollars in fines and impact your ability to operate in the European Economic Area (EEA) and EU Member States. While there isn’t a formal “certification” process to become GDPR compliant, organizations must undergo an assessment to analyze existing policies and practices against GDPR standards.
If you process, store, or transmit PII for EU residents...
GDPR
Learn More
Get Started
Next Steps
or
While the SOC 1 audit process is different from the SOC 2 process, you can continue to work with the same team at A-LIGN who helped you along your SOC 2 journey to maintain continuity and build upon your established relationship.
If you handle financial data...
SOC 1
Any enterprise that handles, processes, stores, or transmits financial data — especially those whose actions affect financial reporting — should pursue a SOC 1 audit. SOC 1 is relevant for payment processors, collections organizations, benefits administrators, or SaaS MSPs that process financial statements. The audit is more specific than a SOC 2 audit and evaluates internal controls your organization has in place to protect a client’s financial data. If you handle customers’ financial data, a SOC 1 report is a must-have to scale your business. In fact, your clients and stakeholders may require it. With a completed report in hand, you can prevent costly delays in converting prospects and scale your business.
Learn More
Get Started
Next Steps
or
With a full-scope SOC 2 report in hand, you’ll already meet a significant number of criteria required for PCI DSS compliance. As a Qualified Security Assessor Company, A-LIGN can expand upon your SOC 2 efforts to help you achieve PCI DSS compliance, too.
If you handle credit card data...
PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements for both merchants and service providers that transmit process, store, or affect the security of cardholder data. The standard has a much more specific focus than that of SOC 2, as the requirements are specifically meant to ensure the protection of cardholders’ personal information. Compliance is mandated by the Payment Card Brands and enforced upon merchants by their acquirer bank. The PCI DSS requires organization engaging in 3rd Party Service Provider relationships to validate and monitor the compliance status of those vendors. For most entities, this means that without a Report on Compliance (ROC) and an Attestation of Compliance (AOC) from a Qualified Security Assessor (QSA), your organization will have trouble acquiring new customers and merchants could pay hefty fines from their bank.
SOC 2
PCI DSS
If you’ve earned a full-scope SOC 2 report, you’ve already completed 34% of your PCI DSS requirements.
Learn More
Get Started
Next Steps
or
Many of the requirements related to HIPAA compliance are the same as those evaluated in your SOC 2 audits — making this an easy add-on to your SOC 2 efforts. Also, all the HIPAA safeguards are included within a HITRUST Certification.
If you handle patient data...
HIPAA
HIPAA (Health Insurance Portability and Accountability Act) is a federal law requiring organizations to keep patient data secure. If your organization stores, process, or transmits electronic protected health information (ePHI), you must be HIPAA compliant (or face harsh financial penalties!). On the road to HIPAA compliance, an auditor will evaluate your systems against a set of HIPAA safeguards. You’ll then be issued a report acknowledging your level of HIPAA compliance. With a report in hand, you can demonstrate the proper compliance levels to prospects and regulators — which allows you to gain new customers and avoid hefty fines. The two common ways to demonstrate HIPAA compliance are within a SOC 2+HIPAA Attestation report, performed by a CPA firm; or within a HITRUST Certification, performed by an approved HITRUST External Assessor.
SOC 2
HIPAA
If you’ve earned a SOC 2 report, you have submitted 90% of your HIPAA compliance requirements.
Learn More
Get Started
Next Steps
or
You’ve already completed your SOC 2 audit, now it’s time to ensure you comply with California’s state standards. Contact A-LIGN to continue growing your business in the state of California.
If you do business in California...
CCPA
If you do business in the state of California, you’ll need to also undergo the CCPA (California Consumer Privacy Act) certification. In 2018, California passed the CCPA to secure several privacy rights for California consumers. Earning this certification in addition to your SOC 2 report will be necessary to ensure your organization is protecting the sharing, transmission and storage of consumer data for California residents.
Learn More
Get Started
Next Steps
or
As a CSA STAR assessor, A-LIGN can help ensure your organization is included on the CSA STAR registry with an attestation. With your full-scope SOC 2 report, you’re close to earning your CSA STAR attestation!
If you are a cloud service provider...
CSA STAR
CSA STAR (Cloud Security Alliance Security Trust Assurance and Risk Registry) assessments use an assurance framework that enables cloud services providers to assess cloud-specific controls within their existing compliance program. Adding CSA STAR to your SOC 2 assessment is a well-recognized way to demonstrate your organization’s capabilities and maturity surrounding your cloud security controls. Undergoing the CSA STAR audit also validates that your organization takes measures to demonstrate your security capabilities, and provides peace of mind for new and existing customers that their information is protected.
Learn More
Get Started
Next Steps
or
With your full-scope SOC 2 report in hand, your Microsoft SSPA certification is on it’s way to completion. As a Microsoft Preferred Assessor, A-LIGN has the experience needed to address any of your Microsoft SSPA needs.
If you are a vendor or plan to do business with Microsoft...
Microsoft SSPA
If you work with Microsoft, it’s imperative to demonstrate that your security and privacy considerations are up to their standards. Microsoft requests that all vendors who collect, store or process customer, partner or employee information meet the requirements within the Supplier Security and Privacy Assurance Program (SSPA). Earning Microsoft SSPA will ensure your Microsoft supplier access stays active and business operations are uninterrupted. This certification in addition to your SOC 2 will accelerate your revenue and market growth, and helps differentiate your business.
SOC 2
Microsoft SSPA
If you’ve recently earned a full-scope SOC 2 report utilizing A-SCEND, you’ve already completed 60% of your Microsoft SSPA requirements.
Learn More
Get Started
Next Steps
or
As an accredited FedRAMP 3PAO (Third Party Assessment Organization) and one of the top FedRAMP assessors in the world, A-LIGN helps organization achieve both FedRAMP and StateRAMP Ready status and full authorization as well as FISMA compliance.
If you are a cloud service provider and
do business with the government...
FedRAMP, FISMA and StateRAMP
To work with the Federal government, organizations must prove their commitment to cybersecurity. And unfortunately, a SOC 2 report alone won’t cut it. As a CSP, you’ll win more business and stand out from the competition with FedRAMP Ready status or ATO (Authority to Operate). FedRAMP is specifically for cloud products and services used by federal agencies to store, process and transmit federal information in the cloud.
If you’re working with State, Local and Educational (SLED) government agencies, it will be increasingly necessary to earn StateRAMP certification to store, process and transmit SLED information in the cloud.
FISMA (Federal Information Security Modernization Act) is not a standard: it is a United States federal law requiring federal agencies to develop, document, and implement an agency-wide program to provide information security for the information and systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other sources. Adding FISMA compliance to your SOC 2 will ensure your organization is meeting the standards and requirements of an agency’s cybersecurity program.
SOC 2
FedRAMP
If you’ve earned a SOC 2 report, you’ve completed 15% of your FedRAMP and 15% of your FISMA requirements.
FISMA
Learn More
Get Started
Next Steps
Adding CMMC and NIST 800-171 to your compliance portfolio will elevate your cybersecurity posture and ensure you’re able to do business with the DoD. After completing your SOC 2 report, CMMC and NIST 800-171 might be closer than you think!
or
If you’re working with the Department of Defense (DoD), a SOC 2 alone is not enough to provide your organization’s cybersecurity compliance. The Cybersecurity Maturity Model Certification (CMMC) was developed by the DoD to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks. For organizations that handle Controlled Unclassified Information (CUI) or Covered Defense Information (CDI), NIST 800-171 compliance is essential.
If you do business with the Department of Defense...
CMMC, NIST SP 800-171
Get a Demo Today
As a Top 3 FedRAMP Assessor and C3PAO, the A-LIGN team is ready to assist you with any of your FedRAMP needs, or any of your cybersecurity and compliance needs. Complete the contact form and our team will reach out within 24 hours.
Talk to an Expert
Get started
Get started
Get started
Get started
Get started
Get started
Get started
Get started
Get started
Get started
Get started
SOC 2
SOC 3
If you’ve earned a full-scope SOC 2[CEROS OBJECT]
SOC 2
SOC 1
If you’ve earned a full-scope SOC 2 report, you have met 100% of evidence requirements for SOC 1.
Get started