Module 4 · SOC 2 Audit Preparation — Type I to Type II

Manish Garg, Associate of (ISC)² · RingSafe
May 14, 2026

Why this module exists. A SOC 2 audit is the de facto requirement for any Indian B2B SaaS company selling to enterprise customers, especially US-based ones. The Type I vs Type II distinction, the Trust Services Criteria, and the operational discipline required for Type II are routinely underestimated. This module covers the SOC 2 audit programme from an internal perspective.

Why this module exists. Most Indian SaaS companies aim for SOC 2 because their customers demand it. The discipline differs materially from ISO 27001: different framework, different cadence, different auditor expectations. This module is the practitioner's guide to navigating it.

The fundamentals

  • SOC 2 = Service Organization Controls 2. AICPA-defined framework.
  • Auditor is a licensed CPA firm.
  • Output is a SOC 2 report — Type I (point-in-time) or Type II (over a period, typically 6-12 months).
  • Five Trust Services Criteria (TSC): Security (mandatory), Availability, Processing Integrity, Confidentiality, Privacy. Pick which apply.