One vendor says 'SOC 2' and another 'ISO 27001', what is the difference?
SOC 2 is a US attestation report, issued by an accounting firm, on operational controls within a defined scope and period. ISO 27001 is an international certificate stating that an information security management system (ISMS) meets the standard. Both are useful; neither is a free pass.
Try this first
1. For SOC 2: request the Type 2 report (not Type 1), and check the period covered and the audit firm. A Type 1 only describes controls at a point in time; a Type 2 tests whether they operated over the period.
2. For ISO 27001: request the certificate and the Statement of Applicability, which shows which controls are in scope.
3. Read the scope in both cases: vendors sometimes claim 'certified' while only part of the organisation is in scope.
4. For heavy processing: ISO 27001 plus SOC 2 Type 2 plus a Data Processing Agreement (DPA) with signed Standard Contractual Clauses (SCCs) is the minimum for enterprise customers.
When to bring us in
If you want vendor claims briefly assessed for an upcoming tender or customer question, we can scope it.