Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Join AT&T Cybersecurity in Chicago to learn top 2024 resilience tactics on May 21st!

How Do I Communicate My New SOC 2 Report? SOC 2 Certified?

Home
Industry Insights
How Do I Communicate My New SOC 2 Report? SOC 2 Certified?

Blog Article Published: 01/03/2024

Originally published by MJD.

Written by Mike DeKock, CPA, Founder & CEO, MJD.

Q: How do I communicate my new SOC 2® Report? SOC 2 Certified?

A: MJD Answer

We highly recommend you do not use the phrase “SOC 2 Certified”. Yes, you see it everywhere, and your competitors are celebrating their certificate - but don’t do it because such a thing does not exist. The AICPA goes as far as to say explicitly that you should not use that phrase when referring to your SOC 2 report. Technically, it’s trademark infringement.

There isn’t an auditor jail they throw you in, and well, “everybody else is doing it,” but people will notice and raise an eyebrow toward the seriousness of your program.

And the reason it’s important is that it is foundational to the report. SOC 2 is not a control framework and doesn't offer a required level of security posture. You are reporting on and being audited against your own business objectives - so there’s nothing to certify. This is why the service can be flexible and dynamic to meet the needs of a two-person company or Google.

The best way to think about it is that the auditor is making sure you are doing what you say you will do. Or that the commitments you have made to customers and the trust they have put into you as a company has been subjected to an audit. So instead of saying “SOC 2 Certified,” you might focus on why it was important to the company and its customers and your intentions to continue building a company that prioritizes security and transparency (which, in many ways, is a much more personal touch).

You should also collect and share the official SOC for Service Organizations logo provided by The American Institute of Certified Public Accountants (AICPA). Before you do this, though, read the terms, conditions, and guidelines.

ChatGPT answer

When it comes to communicating a new SOC 2 report, there are a few key steps you can follow to ensure that the information is effectively communicated to your stakeholders. Here are some suggestions:

  1. Determine your audience: The first step in communicating your new SOC 2 report is to identify your audience. Who needs to know about the report and why? For example, you may need to share the report with customers, investors, or regulatory bodies.
  2. Choose your communication channels: Once you know your audience, you can choose the best channels for communicating your report. Some common options include email, social media, press releases, and direct mail. Consider the most effective channels for reaching your audience.
  3. Develop a messaging strategy: Craft clear and concise messaging that highlights the key findings of your report. Your messaging should emphasize the areas of your company's operations that were assessed in the report, and any steps you took to address any issues or concerns raised during the assessment.
  4. Provide context: Provide context for your report by explaining the importance of SOC 2 compliance and how it aligns with your company's overall mission and values. Help your stakeholders understand the significance of the report in the context of your industry.
  5. Follow up: After you have communicated your new SOC 2 report, be sure to follow up with your stakeholders to answer any questions they may have. Provide additional resources as needed and be prepared to address any concerns that may arise.

By following these steps, you can effectively communicate your new SOC 2 report to your stakeholders and reinforce your commitment to security and compliance.


About the Author

Most people describe me as a passionate, unconventional thinker with a unique talent for simplifying the complex. I have a degree from the University of Iowa, am a licensed CPA, and started my career as a financial statement auditor, where I developed a passion for process improvement and became a subject matter expert in applying the audit and attestation standards. I spent much of my career as a general practitioner, but when I began focusing on SOC reports in 2017, everything became clear, and I discovered the next step in my career path. I started MJD Advisors in 2021 with a niche focus on SOC reports for technology companies, and I hope I never have another job.

ComplianceStandards

Share this content on your favorite social network today!

Cloud Assurance
Related Resources
STAR
The industry's standard for security assurance in the cloud.
Certificate of Cloud Auditing Knowledge (CCAK)
The industry's first global auditing credential.
Trusted Cloud Provider
Demonstrate your commitment to holistic security.
Latest from CSA
Virtual Cloud Trust Summit 2024
AT&T Cybersecurity in Seattle
This Year’s Zero Trust Opportunity for Security Professionals
Trending This Week
#1 CCSK vs CCSP: Unbiased Comparison
#2 Demystifying Secure Architecture: Review of Generative AI Based Products and Services
#3 Managing Cloud Misconfiguration Risks
#4 Five Approaches for Securing Identity in Cloud Infrastructure
#5 Clarifying 10 Cybersecurity Terms
Audit Cloud Providers with Confidence & Enroll in STAR Lead Auditor Training
Related Articles:
How DSPM Can Help Solve Healthcare Cybersecurity Attacks

Published: 04/30/2024

Your Ultimate Guide to Security Frameworks

Published: 04/29/2024

The Future of Cloud Cybersecurity

Published: 04/29/2024

CPPA AI Rules Cast Wide Net for Automated Decisionmaking Regulation

Published: 04/26/2024