How to implement the control:
Many consultancies will help prepare you for a SOC2 audit but it can only be completed by a certified public accountant (CPA). Find out how to find a CPA [here](https://www.aicpa.org/forthepublic/findacpa.html "CPA").
Answer yes if your organisation has completed any other information security audits or certifications. If yes, please state the certification or report in the notes and please upload the relevant certification or report as evidence.
Other information security certifications are available to be audited against by relevant bodies, such as a SOC2 audit.
More information on SOC2 reports can be found here.
If you would like to contribute to this article or provide feedback, please email firstname.lastname@example.org. Contributors will be recognised on our contributors page.