Whilst many frameworks and certifications, such as ISO 27001, typically expect you to certify your entire organisation or a key branch of your organisation, the scope of a SOC 2 report is limited to the delivery of specific services that involve processing client data. For example, if your organisation offers a number of services, but only a few of those services have clients requesting a SOC 2 report, you could undertake a SOC 2 audit purely on those few services and exclude the others.

Your SOC 2 report is aimed at assuring the system that delivers your service, which consists of everything you do and utilise to support the delivery of the in-scope service(s). This will include service-specific elements, such as how the service is developed, the back-office functions that support it, how the service is technically secured, etc. However, the system will also include wider, governance-related aspects that are relevant to your organisation more broadly, such as information about HR processes, how risk is managed, and how communications are managed.

From beginning to end URM made achieving PCI compliance incredibly easy & worked with us to educate us on the requirements. They were always available for a call whenever we needed to discuss queries along the way & were always flexible to our internal deadlines. We would highly recommend URM from a consultancy & auditing perspective.
Prize competition business

Preparing for a Successful SOC 2 Audit

Published on 17 Oct 2025

URM’s blog offers key advice on what to expect from your SOC 2 audit in practice, the types of evidence you will need to provide, how best to prepare, and more.

Information Security
Published on 29/8/2025
SOC 2 Explained

URM’s blog answers key questions about SOC 2, including what it is & who it applies to, why it is beneficial, how SOC 2 reports are structured & more.

URM has played a vital role in helping us and our clients achieve Cyber Essentials, Cyber Essentials Plus, and ISO 27001 certifications. URM's expertise and dedication have been key to the success of this process, and their assistance has enabled us to enhance our cybersecurity posture significantly and provide our clients with the highest level of protection against cyber threats.