The infrastructure work required before a SOC 2 audit — access control, logging, encryption, and monitoring — from a team with a track record of taking that work through to a passed audit, not just advising on theory.
The Trust Services Criteria your SOC 2 auditor evaluates map directly to specific infrastructure controls: access management, logging and monitoring, encryption, and change management. This is the same engineering work behind engagements ACS has taken through to a passed audit — implemented and documented before your audit window opens.
SOC 2 reports are issued by a licensed CPA firm following formal assessment — that relationship sits with your auditor or compliance platform, not with ACS. This engagement is the infrastructure work underneath that assessment, coordinated directly with whoever holds that relationship.
No — SOC 2 reports are issued by a licensed CPA firm following formal audit. ACS does the infrastructure engineering that determines whether that audit finds gaps — with a track record of taking organizations through to a passed audit.
Yes — ACS has prepared infrastructure for and passed a SOC 2 audit as part of prior engagement work.
The underlying technical controls are the same; Type II additionally requires demonstrating those controls operated effectively over a period of time. We scope readiness work around whichever you're pursuing.
Access control and least-privilege enforcement, audit logging sufficient for evidence collection, encryption configuration, and change-management processes — the technical substance behind the Trust Services Criteria your auditor evaluates.
Yes — this is the common setup. We handle infrastructure implementation; your auditor or compliance platform (Vanta, Drata, etc.) handles evidence collection and the formal audit relationship.
Ideally well before your audit window opens — implementing controls after evidence collection has started creates gaps in the evidence period. Tell us your timeline and we'll advise honestly on whether it's realistic.
Tell us your audit timeline and current infrastructure state. We'll scope what's realistic.