How does the AssuranceLab SOC 1 & SOC 2 audit process work?


Complete the System Description

    • The first step is to complete our System Description questionnaire. This short set of questions will set the scope of the audit and create the template for the final audit report. 
    • Access to the System Description is included as part of the initial onboarding package issued by our sales team.

Kick Off meeting with the audit team
    • Once the system description is complete, the audit team will reach out to organise a kick-off meeting.
    • This is an opportunity to meet the auditors and to discuss the logistics of the audit. 
    • It is also a chance for the team to demonstrate how the audit board works and answer any questions which may arise.

Begin Type 1 testing 
    • Once the audit has been set up and kicked off, the Type 1 testing phase can begin. 
    • This involves uploading evidence to the audit board in line with the audit request for each control. 
    • AssuranceLab adopts an agile, incremental approach to testing, which allows us to provide real-time feedback and allows gaps to be remediated as the audit progresses.

Testing Completion and Reporting
    • Once testing is complete, the audit then progresses into our standard 2-week internal review and reporting process.
    • During this time we may raise queries on some controls to ensure our testing has been completed to high standards. However, this is only done where absolutely necessary.
    • At the end of the two weeks, we will then issue the final draft report which will be ready for review and signing. We then issue the final signed report within 24 hours. 

Audit follow up and transition to Type 2
    • Once the final Type 1 report has been issued, the audit team will organise a time to debrief on the audit and discuss Type 2 timelines. 
    • The Type 2 audit involves testing controls over a period of time, known as the audit period. 
    • Once the audit period has been set, which can be 3, 6, 9 or 12 months, the audit team will organise the logistics to begin the Type 2 audit at the appropriate time.
    • The Type 2 testing phase operates the same as Type 1, with the addition of sample testing for a subset of the in-scope controls.