SOC 2: From Start to Cert for $25,000 with Hyperproof and Bonadio

Everything you need to achieve SOC 2 compliance. For a fully-inclusive fee of $25,000, you will get:

  • Customized gap assessment of current control environment
  • Help for you and your team in developing your template, policies, and procedures to expedite your SOC compliance
  • Access to experts to help you get ready for the SOC 2 exam
  • SOC 2 Type 2 exam
  • Intuitive software platform for SOC 2 implementation and maintenance

Instead of contracting with multiple vendors, you’ll work with a single team of experts to handle all of your SOC 2 compliance needs end-to-end.


What You Get When You Sign Up:

  • Access to experienced SOC 2 compliance advisors: The Bonadio Group is a top 50 CPA firm known for excellent service in information risk management and audit. They’ve worked with clients in these areas for 40 years. Bonadio understands that one size doesn’t fit all and works hard to find the best solution for each individual client. Together, Hyperproof and Bonadio created this all-in-one package designed to provide you with excellent service while saving you time and money.

  • A single point-of-contact for the whole process: Instead of having to negotiate with multiple vendors -- one for audit readiness, one for the SOC 2 audit, then a third vendor to get software -- you will have one point of contact who will guide you through the full process, from start to certification.

  • Achieve compliance faster: Bonadio will help you through the SOC 2 process using Hyperproof’s intuitive compliance operations software as the medium for managing your project. By using Hyperproof, Bonadio will be able to keep the entire process as streamlined and efficient as possible -- which means you’ll get your SOC 2 report faster than you otherwise would.

  • An improved information security program built on solid compliance operations principles: Getting a SOC 2 report isn’t just a hurdle you have to clear in order to do business with security-conscious customers; it’s also a great opportunity for you to build a solid information security program your organization will benefit from for years to come.

Bonadio will partner with you to deeply understand your business, your data environment, key assets, key risks, and current controls. They will assist you in identifying what’s missing so that you can develop the controls needed to satisfy SOC 2 requirements and to effectively mitigate information security risks facing your organization. This approach is far more effective than using canned templates, checklists or automated steps from software vendors to build your information security program.

Does this package (the $25,000) include the actual audit/attestation?

Yes, it does. This is an all inclusive package that includes a gap assessment, advice on the creation of tailored policies, controls and procedures, audit readiness preparation, audit, and software.

What exactly is the level of support I will receive from Bonadio?

Bonadio will provide hands-on support during the entire process:

  1. Gap Assessment: Bonadio will understand what controls you already have, what policies and procedures you already have, and identify what actions you would need to take in order to achieve the SOC 2 certification within your target timeline.
  2. Policy Development: Bonadio will leverage their experience to assist you in creating policies and procedures. Because Bonadio is a world-class readiness advisor, with decades of experience in SOC 2, you can be confident that the policies and procedures you create will be appropriately tailored for SOC 2 compliance.
  3. Readiness Assessment: As progress is made in standing up your SOC 2 program, Bonadio will provide an independent look at your environment and identify key steps you’ll take to pass your audit.
  4. Bonadio will also conduct your audit. The audit will go smoothly because you’ll both have access to Hyperproof, a compliance operations platform that makes evidence management, evidence reviews, and audit-related communications simple and seamless.
  5. Bonadio will issue your SOC 2 report.
  6. Bonadio can continue to advise you as needed after you get your SOC 2 report.

Can Bonadio help me as I develop the policies I need to meet SOC 2 requirements?

Absolutely. Bonadio will assist you in creating the policies and procedures necessary to obtain a SOC 2 report, including:

  • SOC 2 - all trust criteria
  • Security policy
  • Change Management Policy
  • Software Development Lifecycle Policy
  • Acceptable Use Policy
  • Incident Response Plan
  • Disaster Recovery Plan

And you can talk to an expert at Bonadio should you need additional assistance.

How can I reach Bonadio during my engagement with them?

Bonadio can be reached by phone or email. You will be served by highly seasoned compliance professionals, not junior consultants.

Do I really need to work with an outside firm for the entire process?

CPA firms are the only firms approved to conduct SOC 2 audits. A SOC 2 report is not valid unless it is issued by a qualified CPA firm approved by the American Institute of Certified Public Accountants (AICPA).

Technically, you are not required to work with an outside firm to do the gap assessment or the audit readiness piece. But we strongly caution against doing it all yourself if you don’t have compliance expertise internally. Some organizations have tried the DIY approach -- leveraging automated compliance checklists and templates they bought online. Buying one-size-fits-all control document templates is a simple and avoidable mistake: These control document templates will not satisfy SOC 2 compliance requirements. It also takes more time and effort to correct them than it would have taken to have crafted them correctly in the first place.

How will Hyperproof’s Compliance Operations platform help me during the SOC 2 process?

Bonadio will be standing up your SOC 2 compliance program in Hyperproof, a trail-blazing compliance operations platform that makes control mapping, evidence collection/reviews, and audit-related processes as well as communication between individuals much more efficient. Your entire population of evidence will be organized in Hyperproof. And you will be able to communicate with your auditor directly in Hyperproof during the audit.

As a result, your advisors at Bonadio and your team can get work done faster. This means you can get your SOC 2 report sooner than it could happen if you didn’t have a single platform for compliance operations.