Managing the move from ISO 27001 certification to SOC 2 completion

Penetration testing simulates an outside attack on your applications and network. Drata shares the types of pen tests and how to conduct one to prevent risk.

Find out about small steps you can take now to digitally transform your CPA firm.

There is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literature that set the standards, the true answer is this: There are absolutely no control requirements for SOC 2 reports.