Whenever anyone considers an Internet search, the first thought is generally Google. That’s the big name that everyone uses. It’s works similarly in most other industries—if there’s not one, there’s a few big players that occur to people before any others.

“The beginning is the most important part of the work.”

Think about those a la carte sushi restaurants—the very cool ones with the circulating conveyor belts that let you select different dishes as they suit your fancy. Maybe your go-to is always California rolls, but you spot some delicious-looking Rainbow Rolls so you grab those one time. Or maybe you’re craving a Spicy Tuna roll, so you add that to your plate. Even if sushi is not quite your taste, you’d probably agree that SOC 2 audits are even less appetizing. Aside from the actual, in-depth audit process, they also require you to make a lot of decisions first, and it’s just added stress. That’s why you want to ensure that you take the audit path most helpful to you, and that includes the right criteria. SOC 2 functions a lot like that sushi conveyor belt—you have a lot of potential options. And we don’t just mean the SOC 2 Trust Services Categories (TSCs) that you have to select from to form the basis of your examination. We mean adding what is technically known as additional “subject matter.” For simplicity’s sake, we’ll just refer to it as “additional criteria.”

Matters of opinion can be pretty contentious.

When Alex Honnold scaled El Capitan in Yosemite without any kind of rope, his assessment of the risk was pretty simple.

The greatest tennis player of all time, Serena Williams, once said, “everything comes at a cost. Just what are you willing to pay for it?”

One of the most famous lines from the Spider-Man mythos goes like this: “With great power comes great responsibility.”

Do you remember the children’s game Telephone? The one where we passed a message from the creator to an endpoint, relying on others within the game to get the message to the finish line completely intact?