Secure Controls Framework
Download The SCF
SOC 2

How is SOC 2 audit scope determined?

Direct Answer

SOC 2 scope is determined by the service commitments the organization makes to customers and the boundaries of the systems used to deliver those services. The system description defines which infrastructure, software, people, processes, and data fall within scope. Scope should be defined before the audit begins, as adding components mid-audit creates delays and cost increases.

Keep Exploring

Relevant Resources

References

Authoritative Sources