A tailored course, built for your situation
Own the SOC 2 narrative end to end
From execution to ownership in your current role
The situation this course is for
High-performing individuals often execute critical SOC 2 work but remain excluded from narrative control, the decisions that define scope, evidence flow, and final reporting. This gap limits visibility and slows recognition, even when delivery is flawless.
Who this is for
IC at a global services firm, delivering compliance-adjacent work in Salesforce environments with growing responsibility but not full ownership of the audit lifecycle
Who this is not for
Those looking to transition into compliance from another function, or practitioners outside service delivery roles with no exposure to control frameworks
What you walk away with
- Define and defend SOC 2 scope without escalation
- Direct evidence collection across technical teams with confidence
- Finalise the SoA with input authority, not just review access
- Lead internal prep cycles for Type I and Type II audits
- Document a repeatable playbook that anchors future engagements
The 12 modules (with all 144 chapters)
- Purpose of SOC 2 beyond compliance
- Types of engagements Type I vs Type II
- Role of service org vs user entity
- Trust services criteria breakdown
- Mapping client needs to scope
- When to involve legal or security
- Defining system boundaries
- Identifying subservice orgs
- Common boundary pitfalls
- Internal documentation standards
- Stakeholder alignment points
- First draft of system description
- What makes a control testable
- Designing for operating effectiveness
- Control objectives vs activities
- Common criteria pairings
- Leveraging prewritten policies
- Customising control language
- Ownership markers in documentation
- Version control practices
- Change management triggers
- Control hierarchy design
- Linking controls to risks
- Audit trail expectations
- Evidence types by criterion
- Sampling strategies defined
- Timeline for collection cycles
- Assigning evidence owners
- Follow-up escalation paths
- Tooling for tracking status
- Common Salesforce gaps
- Integration point controls
- User access review evidence
- Change management logs
- Incident response documentation
- Preparing for surprise requests
- Structure of the system description
- Narrative vs technical sections
- Describing Salesforce configurations
- Role of sandboxes and dev orgs
- Data flow descriptions
- Security baseline statements
- Availability controls explained
- Confidentiality boundaries
- Privacy statement alignment
- Change management narrative
- Vendor management integration
- Final sign-off workflow
- Pre-audit checklist finalisation
- Internal walkthrough facilitation
- Mock Q&A preparation
- Common auditor questions
- Response drafting standards
- Evidence packet assembly
- Version control during audit
- Tracking auditor requests
- Coordination with legal
- Handling scope changes
- Post-audit follow-up items
- Lessons learned documentation
- Status reporting cadence
- Escalation protocols
- Writing for technical teams
- Summarising for leadership
- Translating auditor feedback
- Managing client expectations
- Presentation templates
- Email update standards
- Meeting agenda design
- Q&A readiness drills
- Conflict resolution language
- Documentation retention rules
- Classifying finding severity
- Root cause identification
- Ownership of action plans
- Timeline negotiation
- Verification methods
- Evidence of closure
- Linking to control updates
- Change requests in Salesforce
- User access cleanup
- Policy update cycles
- Training documentation
- Audit trail closure
- Template structure design
- Version control setup
- Repository naming standards
- Access control for teams
- Integration with Jira
- Linking to Salesforce orgs
- Updating after audits
- Onboarding new members
- Cross-project reuse
- Client-specific adaptations
- Security classification
- Retention and archiving
- Initiating vendor assessments
- Reviewing SOC 2 reports
- Asking follow-up questions
- Documenting acceptance
- Risk scoring methodology
- Exception handling
- Communication templates
- Follow-up timing
- Internal sign-off flow
- Integration with procurement
- Salesforce-specific vendors
- Cloud service add-ons
- Building credibility fast
- Asking strategic questions
- Offering pre-engagement input
- Documenting best practices
- Hosting brown bags
- Creating FAQs
- Feedback loops with teams
- Metrics for influence
- Tracking advisory impact
- Recognition pathways
- Mentorship opportunities
- Cross-functional visibility
- Automated evidence triggers
- Salesforce report scheduling
- User access review automation
- Change detection alerts
- Log retention checks
- Integration with CI/CD
- Monthly control checks
- Quarterly review cycles
- Updating control tests
- Alert response workflows
- Documentation updates
- Stakeholder notifications
- Identifying replication candidates
- Adapting playbooks
- Training others
- Documenting lessons
- Measuring efficiency gains
- Sharing templates
- Client-specific tailoring
- Feedback integration
- Version promotion
- Leadership reporting
- Cross-team coordination
- Success story collection
How this maps to your situation
- When preparing for first SOC 2 audit
- During evidence collection phase
- After auditor feedback received
- Before renewal cycle begins
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: Approximately 3 hours per week over 4 weeks to complete core content and build your playbook.
How this compares to the alternatives
Unlike generic compliance courses, this is tailored to practitioners owning SOC 2 within delivery roles , not just passing audits, but leading them.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.