top of page

SOC 2

Get audit-ready without slowing down your team.

​

SOC 2 covers your infrastructure, internal processes, documentation, people, and vendors. Most companies underestimate the scope until they are already behind.

​

IDT works with companies running production workloads on AWS and manages the full preparation process. We assess where you stand, implement and remediate what needs to change, build the documentation and evidence structure your auditor requires, and support you through the audit itself. The auditor is a licensed third party and we make sure they have everything they need to complete the engagement.

What SOC 2 preparation actually covers

IDT covers the full scope across every area your auditor will examine:

 

Technical controls: Infrastructure security, access management, encryption, logging, monitoring, incident response, and vulnerability management across all in-scope systems.

 

Policies and procedures: Access control, change management, onboarding and offboarding, incident response, vendor management, and data classification, written and audit-ready.

 

Evidence structure: A centralised evidence repository covering logs, access reviews, training records, configuration exports, and control test results, organised to what your auditor will request.

 

Vendor and third-party management: Third-party risk review, vendor SOC report evaluation, and documentation of how external dependencies are managed within scope.

 

Internal processes and staff: Preparing control owners for auditor walkthroughs and documenting that processes operate as described.

 

Physical and environmental controls: Where colocation or physical infrastructure is in scope, relevant controls assessed and documented to meet TSC requirements.

 

We support both Type I and Type II engagements.

The preparation process

We follow a structured four-step process that covers everything from initial scoping through to audit completion:

​

1. Scoping - TSC selection, system and vendor scope.

2. Gap assessment - Controls, policies, processes reviewed.

3. Remediation - Technical controls, policies and processes.

4. Personnel - Security training, roles and walkthroughs.

5. Evidence - Repository built, collection automated.

6. Readiness check - Pre-audit review, final gap closure.

7. Audit - Support and report.

Type 2

6-12 month observation

Type 1

Point-in-Time report

- SOC 2 Type I or Type II achieved without building a permanent internal compliance function

- Full preparation across infrastructure, documentation, processes, and personnel

- Evidence structure that supports ongoing compliance, not just the current audit cycle

- Your team prepared and confident going into auditor walkthroughs

Operational Outcomes

Our experts will help you implement cloud technologies to increase the flexibility, security and efficiency of your business.

SCHEDULE A FREE CONSULTATION NOW

SOC 2

Get audit-ready without slowing down your team.

​

SOC 2 covers your infrastructure, internal processes, documentation, people, and vendors. Most companies underestimate the scope until they are already behind.

​

IDT works with companies running production workloads on AWS and manages the full preparation process. We assess where you stand, implement and remediate what needs to change, build the documentation and evidence structure your auditor requires, and support you through the audit itself. The auditor is a licensed third party and we make sure they have everything they need to complete the engagement.

SOC 2

s

o

l

u

t

i

o

n

s

The risk to your business

IDT covers the full scope across every area your auditor will examine:

Infrastructure security, access management, encryption, logging, monitoring, incident response, and vulnerability management across all in-scope systems.

Technical controls

Access control, change management, onboarding and offboarding, incident response, vendor management, and data classification, written and audit-ready.

Policies and procedures

A centralised evidence repository covering logs, access reviews, training records, configuration exports, and control test results, organised to what your auditor will request.

Evidence structure

Third-party risk review, documentation of how external dependencies are managed within scope.

Vendor and third-party management

Preparing control owners for auditor walkthroughs and documenting that processes operate as described.

Internal processes and staff

Where colocation or physical infrastructure is in scope, relevant controls assessed and documented to meet TSC requirements.

Physical and environmental controls

The preparation process

We follow a structured four-step process that covers everything from initial scoping through to audit completion:

photo_2026-05-21_16-05-04.jpg

01

Scoping 

TSC selection, system and vendor scope

photo_2026-05-21_16-05-04.jpg

02

Gap assessment 

Controls, policies, processes reviewed

photo_2026-05-21_16-05-04.jpg

03

Remediation

Technical controls, policies and processes

photo_2026-05-21_16-05-04.jpg

04

Evidence

Repository built, collection automated

Type 1

Poin-in-Time Report

photo_2026-05-21_16-05-04.jpg

06

Audit

Support and report

photo_2026-05-21_16-05-04.jpg

05

Readiness check

Pre-audit review, final gap closure

OR

Type 2

6-12 month observation

Operational Outcomes

- SOC 2 Type I or Type II achieved without building a permanent internal compliance function

- Full preparation across infrastructure, documentation, processes, and personnel

- Evidence structure that supports ongoing compliance, not just the current audit cycle

- Your team prepared and confident going into auditor walkthroughs

INNOVATIVE

DIGITAL

TRANSFORMATION

Our experts will help you implement cloud technologies to increase the flexibility, security and efficiency of your business.

SCHEDULE A FREE CONSULTATION NOW

bottom of page