's GRC and SOC 2

22 Manual SOC 2 Criteria covered with

To achieve SOC 2 compliance, it is not enough to run vulnerability scans and harden your infrastructure. You also need to be good at less technical controls. SOC 2 requires organizations to oversee internal controls, establish reporting structures, demonstrate a commitment to attract, develop and retain competent individuals, communicate with internal and external stakeholders regarding matters affecting internal control, and communicate internal control deficiencies. That's where Work.Software comes into play. Our checklist and meeting templates help you keep track of these activities, as well as other ongoing control needs, and ensure actionable items are assigned to the right people to get the job done.


  • Compliance Dashboard
  • Create Custom Meetings and Link to SOC 2 Criteria and Controls
  • Auditor Access and Exports
  • Employee Evaluations and Performance Plans (CC1.4/CC1.5/CC2.2)


  • Change Advisory Board (CC8.1)
  • Executive Review (CC1.2, Repeats frequently throughout SOC)
  • Board Meetings (CC1.2, Repeats frequently throughout SOC)
  • Security Steering Committee (CC1.2, Repeats frequently throughout SOC)
  • Business Continuity Plan Review (CC5.3/CC7.4/CC7.5)
  • Disaster Recovery Plan Review (CC5.3/CC7.4/CC7.5)
  • Business Continuity Test Retrospective (CC5.3/CC7.4/CC7.5)
  • Disaster Recovery Test Retrospective (CC5.3/CC7.4/CC7.5)
  • Sprint Retrospective (CC8.1)
  • Job Description Review (CC1.4)
  • Company Organizational Chart Review (CC1.3/CC3.4)
  • New Hire Review (CC1.4/CC6.2)
  • Department Meetings (CC1.2, Repeats frequently throughout SOC)
  • Team Meeting, e.g. server team (CC1.2, Repeats frequently throughout SOC)
  • Risk Assessment Retrospective (CC3.2)
  • Review Authorized Personnel Roles for Access to Data, Software, Functions, and Other IT Resources (CC4.1, CC6.2, CC6.3)
  • Review Personnel with Physical Access to Sensitive Locations (CC4.1, CC6.5)
  • Review Incident Response Procedures (CC7.3, CC7.4)
  • Incident Response Retrospective (CC7.4, CC7.5)


  • Employee Exit (CC6.2/CC6.3/CC6.5)
  • Employee New Hire (CC6.2/CC6.3)
  • Employee Onboarding (CC1.1/CC1.4/CC6.2/CC6.3)
  • Hardware Deployment (CC6.1/CC6.6/CC6.8)
  • Security Policies (CC1.2/CC2.1)
  • Security Awareness Training (CC1.4/CC1.5)
  • Vendor Management Assessments (CC3.2, CC9.2)