The Complete SOC 2 Framework Guide
Everything you need to understand SOC 2 — from fundamentals to audit process, report types, controls, costs and framework comparisons.
Where Are You in Your SOC 2 Journey?
Whether you are just getting started or preparing for your next audit, find the right resources for your stage.
New to SOC 2
Start with the basics — what SOC 2 is, who needs it, what the Trust Services Criteria are and how the attestation process works.
Preparing for an Audit
Understand the audit process, costs, timelines, evidence requirements and how to select the right licensed CPA firm.
Building Your Controls
Learn what controls you need to implement, how the Trust Services Criteria work and what auditors test during your engagement.
Welcome to the SOC 2® Guide Hub by CertPro
Whether you are a SaaS founder evaluating SOC 2 for the first time, a security lead preparing your control environment, or an enterprise buyer reviewing a vendor's attestation report — this hub covers every aspect of SOC 2 in one place. Every article is written by CertPro CPA LLC, a licensed CPA firm that issues SOC 2 attestation reports directly under AICPA AT-C Section 205.
What's in the SOC 2 Guide Hub?
Six sections covering every aspect of SOC 2 — from fundamentals to comparisons with other frameworks.
SOC 2 Overview
What SOC 2 is, who needs it, why it matters and how the attestation process works. Start here for a clear foundational understanding.
SOC 2 Report Types
Type 1 vs Type 2, report structure, bridge letters, ISAE 3402 comparison and how to read a SOC 2 attestation report.
Audit Process & Costs
How a SOC 2 audit is conducted, how long it takes, what it costs, how to choose a CPA firm and what auditors review.
Controls & Trust Services Criteria
The five Trust Services Criteria, controls list, common criteria, compliance checklists and AICPA standards explained.
Compliance & Documentation
SOC 2 compliance requirements, documentation, policies, readiness assessment, risk assessment and evidence management.
SOC 2 Comparisons
How SOC 2 compares to ISO 27001, SOC 1, SOC 3, HIPAA, PIPEDA and other frameworks — differences, overlaps and how to choose.
Begin Your SOC 2 Examination with a Licensed CPA Firm.
Schedule a 30-minute scoping call with a credentialed auditor. We will identify the right examination type, discuss audit scope, and outline a clear path based on your current control environment.