May 18, 2023

Webinar Recap: SOC2 in the Cloud for SaaS Companies

Lightspin recently teamed up with KirkpatrickPrice to discuss best practices in achieving SOC2 compliance. Here are some of the key takeaways from our joint webinar. 

Key Takeaways 

SOC 2 is a widely recognized security certification for service organizations, which provides assurance to customers and stakeholders that an organization's systems and processes are secure and meet the necessary requirements. However, achieving SOC 2 compliance can be a complex process, and organizations often have questions about the requirements and process. 

During the webinar, the KirkpatrickPrice team answered several frequently asked questions about SOC 2 compliance, including the following: 

  • What are the different SOC 2 trust service categories? 

SOC 2 has five trust service categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Each of these categories has specific criteria that must be met to achieve SOC 2 compliance. 

  • What are the common areas of non-compliance in SOC 2 audits? 

Common areas of non-compliance in SOC 2 audits include lack of documented policies and procedures, inadequate access controls, insufficient security monitoring, and lack of employee training. 

  • What is the difference between a Type 1 and Type 2 SOC 2 report? 

A Type 1 SOC 2 report provides an opinion on the design of an organization's controls, while a Type 2 SOC 2 report provides an opinion on the effectiveness of the controls over a period of time. 

  • How can an organization prepare for a SOC 2 audit? 

To prepare for a SOC 2 audit, an organization should document their policies and procedures, implement appropriate controls, conduct regular security assessments, and ensure that employees are trained on security best practices. 

How Lightspin helps with SOC2 attestation? 

Lightspin can help organizations achieve SOC 2 compliance by providing continuous CSPM and CNAPP capabilities through prioritized risk assessment. Lightspin's platform uses a unique graph-based approach to visualize an organization's cloud assets and their relationships, allowing security teams to easily identify potential security risks and vulnerabilities. 

Lightspin's platform helps organizations to: 

Cover the cloud-specific Technical Services Criteria (TSC) you need to get quick auditor signoff. 

Cloud security done right, means your business should meet its compliance requirements along the way. From vulnerability management, CSPM and infrastructure as code scanning, Lightspin’s comprehensive cloud security platform gives a near “one-stop shop” for cloud-focused TSC’s. 

Easily communicate with auditors through a common visual language. 

Lightspin provides the ability to isolate permissions and accounts as needed to ensure that SOC2 requirements are met. Lightspin’s Discovery Graph feature provides the visibility auditors need to verify that complete isolation of environments is met. 

Get quick coverage to achieve your go-to-market goals. 

Lightspin’s ready-made SOC 2 compliance and attack path analysis provides all the technical controls evidence in the cloud you need, fast. 

Lightspin improves your visibility across your cloud environment and helps you see which assets are connected. This helps you better understand the context of your environment and prioritize which resources or assets must be handled first. 

Achieving SOC 2 compliance is a complex process, but Lightspin can help organizations achieve compliance by providing continuous CSPM and CNAPP capabilities prioritized risk assessment. With Lightspin's platform, organizations can easily identify potential security risks and vulnerabilities, prioritize remediation efforts, and ensure that their systems and processes meet the necessary requirements. 

For more information on how Lightspin can help your organization achieve SOC2 cloud compliance, visit us at 


About Lightspin

Lightspin’s context-based cloud security empowers cloud and security teams to eliminate risks and maximize productivity by proactively and automatically detecting all security risks, smartly prioritizing the most critical issues, and easily fixing them. For more information, visit