At what point does it make sense to get a SOC 2?

Post author
Ben Derr

We are a pretty small company. At what point did folks decide to go for a SOC 2?

Has JupiterOne had one done or could share any experience about this?





  • Comment author
    Erkang Zheng
    • Edited

    It's never too early to start, even though you may not need to get certified right away.  With SOC 2, you'll need to define your controls.  Is your company in a regulated industry such that another compliance framework might be applicable?  For example, PCI DSS for retail/finance, HIPAA (or HITRUST) for healthcare.  If not, NIST CSF or CIS Controls are both good starting points to leverage to define your SOC 2 controls.

  • Comment author
    Callisto (j1 support bot)

    Ben Derr, please see the latest release notes, which have significant resources to help meet SOC 2 controls.

