What is SOC 2? How to Obtain a SOC 2 Report
Compliance is adherence to the policies that govern a company's information and cyber security. Organizations should start thinking about compliance when they offer products or services that could impact the confidentiality, integrity, or availability of their customers' information or data. Common compliance frameworks include Service Organization Controls (SOC) 1 and 2, International Standards Organization (ISO) 27001, Payment Card Industry Data Security Standards (PCI DSS), Health Information Trust Alliance (HITRUST), and Federal Risk and Authorization Management Program (FedRAMP). To achieve compliance goals, organizations can use tools or software, hire a consultant, or hire a compliance specialist. Cockroach Labs took a hybrid approach: it hired a consultant to design controls and then hired a compliance specialist to manage the workloads.
Company: Cockroach Labs
Date published: Nov. 11, 2021
Author(s): Adam Brennick
Word count: 2669
Hacker News points: None found.
Language: English