A SOC 2 Type 1 is the fastest, lowest-friction path to proving security maturity. It’s a snapshot of your control design — ideal for new or scaling businesses. As your business grows or you handle more sensitive data, Type 2 builds on this foundation by validating your operations over time.
Company Stage | Description | Hours |
---|---|---|
Foundational (0–6 months) | Just getting started, minimal controls, high support need. | 10–20 hrs |
Mature (6 months – 2 years) | Controls in place, need help accelerating final steps to audit. | 20–30 hrs |
Feature | Scope |
---|---|
🛠️ Vanta Stand-Up & Scoping | Initial Vanta configuration and security criteria mapping |
👥 HR & People Access Setup | For up to 20 users – HRIS, onboarding/offboarding integration |
☁️ Technology Integration | Single cloud stack and 1 existing Vanta-compatible integration |
📄 Policy Buildout | Based on Vanta’s included policy templates |
🎓 Vanta 101 | 1-hour orientation and tool overview for your internal team |
🖥️ Lansweeper IT Asset Mgmt | Up to 100 devices & Including Multi-Site, Vul Insights, API, Data Exports & Support |
🛡️ SentinelOne EDR | Endpoint security for up to 20 devices |
🎣 HacWare PhishPro | Phishing & security awareness for up to 20 users |
📃 SOC 2 Type 1 Audit Ready Report | Readiness for third-party SOC 2 Type 1 audit |
📃 SOC 2 Type 1 Report | SOC 2 Tpye 1 report is an attestation that evaluates a service organization’s system controls concerning the AICPA’s Trust Service Categories (TSCs) |
The following features from Vanta’s platform are leveraged in this service:
❓ Do you know what SOC 2 actually is and why your customer is asking for it?
🔍 Where is your data stored? What systems make up your environment?
🔐 What is your current risk exposure and how much sensitive data (if any) do you really process?