Think about those a la carte sushi restaurants—the very cool ones with the circulating conveyor belts that let you select different dishes as they suit your fancy. Maybe your go-to is always California rolls, but you spot some delicious-looking Rainbow Rolls so you grab those one time. Or maybe you’re craving a Spicy Tuna roll, so you add that to your plate. Even if sushi is not quite your taste, you’d probably agree that SOC 2 audits are even less appetizing. Aside from the actual, in-depth audit process, they also require you to make a lot of decisions first, and it’s just added stress. That’s why you want to ensure that you take the audit path most helpful to you, and that includes the right criteria. SOC 2 functions a lot like that sushi conveyor belt—you have a lot of potential options. And we don’t just mean the SOC 2 Trust Services Categories (TSCs) that you have to select from to form the basis of your examination. We mean adding what is technically known as additional “subject matter.” For simplicity’s sake, we’ll just refer to it as “additional criteria.”

Matters of opinion can be pretty contentious.

When Alex Honnold scaled El Capitan in Yosemite without any kind of rope, his assessment of the risk was pretty simple.

The greatest tennis player of all time, Serena Williams, once said, “everything comes at a cost. Just what are you willing to pay for it?”

One of the most famous lines from the Spider-Man mythos goes like this: “With great power comes great responsibility.”

Do you remember the children’s game Telephone? The one where we passed a message from the creator to an endpoint, relying on others within the game to get the message to the finish line completely intact?

Though cybercrime reportedly rose 600% due to the global pandemic we’re in, it’s been a steadily growing problem for years. As you may know, suffering a data breach means you also suffer extra mitigation costs, but more critically, you lose the trust of your customer. That’s something you absolutely need to avoid, and SOC for Cybersecurity–created to help organizations particularly worried about cyberattacks–can help you do that.

Imagine you’ve been asked to renovate two kitchens. At the end, each of your two customers want to have a fully functioning room so you roll up your sleeves.