Service Organization Controls (SOC)2


Service Organization Controls (SOC) 2 compliance are explicitly prescribed for service based organisations such as SaaS Providers, Data Center/ Colocations, Document Production, and Data Analytics providers. It is used to assure trust about the service provider among its users. Such controls affect the security, availability and integrity of the systems, used by the service organization to process users’ data. It is primarily carried out to ensure adherence to Trust Service Principles.

The Trust Service Principles(TSP) which forms the basis of SOC 2 are built on four major verticals: Policies, Communications, Procedures, and Monitoring. Kratikal helps you expertly monitor and implement the controls necessary to achieve the TSP as laid down under by SysTrust and WebTrust principles


Stage I: Scope Determination
Here we understand the business context. We discuss the need and requirements of SOC 2 under the current set of IT infrastructure of the company.

Stage II: Gap Analysis
It includes asset identification, risk assessment, and existing control identification. Based on the Trust Service Principles, we conduct gap analysis to check deviation under security, availability, processing integrity, confidentiality and privacy controls in the organisation.

Stage III: Implementation
In this phase we help implement a detailed set of controls like Multifactor Authentication, Encryption, Access Controls to ensure that the service infrastructure follows the SysTrust and WebTrust principles. We then conduct an efficiency check to determine the efficiency of the controls introduced.

Stage IV: Internal Audit
Under this phase we securely check whether the controls implemented and the processes introduced are being followed in the organisation.

Stage V: Certification Proccess
It is carried out by independent auditors (generally a US-based CPA), not by the implementers. We help you find suitable auditor for the certification process and help throughout the process.

Depending upon the number of employees, scale of organisation, IT Assets and geographical spread, the exact duration of the process will vary.

For more details, you can drop a mail to Our customer facilitators will call you back.


Ensure the security, availability, processing integrity, confidentiality and privacy of your organisation.

Improve the degree of trust in the service offerings of your organisations among your prospective clients.

Gain better understanding of risk management in service industry.

SOC2 is custom made for outsourced service providers, hence handles risk mitigation better than other compliances.

Offer your clients, a separate audit report focusing on internal controls and not just the financial controls as highlighted in the other SOC versions.