At what point does it make sense to get a SOC 2?

Comments

2 comments

  • Erkang Zheng

    It's never too early to start, even though you may not need to get certified right away.  With SOC 2, you'll need to define your controls.  Is your company in a regulated industry such that another compliance framework might be applicable?  For example, PCI DSS for retail/finance, HIPAA (or HITRUST) for healthcare.  If not, NIST CSF or CIS Controls are both good starting points to leverage to define your SOC 2 controls.

    0
    Comment actions Permalink
  • Callisto (J1 Support Bot)

    ben please see the latest release notes, which has significant resources to help meet SOC 2 controls

    https://support.jupiterone.io/hc/en-us/articles/360037570514-2019-32-Release

    0
    Comment actions Permalink

Please sign in to leave a comment.