Advice on Selecting a SOC 2 Readiness Firm

  • By John Miller
  • 04 Nov, 2017

Combining business perspective and InfoSec expertise

CPA firms are not able to audit their own work because it presents a conflict of interest. Therefore, an InfoSec advisory firm (such as CAG) is likely to handle the “readiness” or setup work, and a CPA firm will perform the actual audit and issue the formal SOC 2 Report.


Engaging a firm such as Cyber Advisory Group (CAG) to guide you through the readiness phase will ensure the actual audit goes smoothly and will save time and money, since the control selection will be precise and the SOC 2 Report will be on time and without exceptions.


InfoSec expertise is critical in selecting a readiness firm.  The firm must understand the many stakeholders in InfoSec - CEO goals, budget constraints, compliance necessities, engineering work styles, and overall risk-based approaches to security (e.g. cost-benefit analysis).


Pro Tip: CAG works with the big four CPA firms as well as regional and local CPA firms.  CAG often recommends a regional firm since they offer the benefits of both expertise and flexibility.  Contact our team to learn more.

