På Svenska
Hero image


Reporting framework for service providers who take security seriously


Increased demands on service providers

More and more companies are making higher demands on their service providers' ability to handle and report on their IT and information security. An effective way to be transparent and prove to customers and stakeholders that you as an organisation take security seriously is to work with the reporting framework SOC 2.

Content image

We help you all the way to certification

We at Sentor have guided several companies in the work of implementing SOC 2 in their operations. As the framework's controls are only partially predefined, we help you interpret and apply them to your specific organisation.

In this way, you get a management system that is adapted to your specific conditions, at the same time as you meet the requirements placed on the business.

Contact us

Service in brief

Benefits of implementing SOC 2


SOC 2 entails processes that protect your critical information in a more secure way. This reduces the risk of costly data breaches and reputational damage to your organisation.


By working with SOC 2, you increase the chances of maximizing ROI for your other security investments. You also get increased predictability for your costs in the security area.


SOC 2 ensures that your risks are kept at an acceptable level, and at the same time clarifies important processes for your continued security work. You also clarify the users' roles and their access to information.


More and more organisations require their service providers to meet the requirements of SOC 2, as it is proof that your company is securely protecting its information and that of other stakeholders.


By complying with SOC 2, you can close complex transactions and procure­ments faster. Instead of having to explain your working methods, processes and policies, you can instead refer to your SOC 2 report.


Our approach in five steps

1. Getting started

We define the framework for your SOC 2 report and which Trust Service Criteria are applicable to your particular business. The work includes an inventory and classification of assets as well as risk analyzes.

4. External audit

The external audit for SOC 2 is divided into two parts; type 1 which is an audit of control compliance and reviewed at the time of the audit, and type, 2 which is an audit of control compliance for a period of at least 6 months.

2. Control design and implementation

We continue to work with the design of controls in accor­dance with SOC 2 Trusted Service Criteria, and establish a management model for information security.

5. Ongoing support

During the remaining work with compliance with SOC 2, we can continue to assist with expertise and support regarding initiatives in important activities, such as risk analysis, incident manage­ment and so on.

3. Internal audit

We do an internal audit where we verify compliance and prepare for the external audit in the next step. The internal audit is carried out by security experts from Sentor who have not been involved earlier in the process.

why sentor?

The right skills to help your business

Extensive experience

Every year, we help dozens of companies of all sizes and in all sectors to become certified or achieve compliance with information security management systems such as SOC 2.

Active and up-to-date

We carry on an active discussion with industry organisations and auditors to ensure that you, the customer, always receive up-to-date advice and recommendations that help you achieve your business goals.

Turnkey supplier

With experts in both information security and technical security, we are in a unique position to provide you, the customer, with greater insight and help you deal with all kinds of cyber risks that could threaten the success of your business.

Contact us

We offer several contact routes and provide feedback as soon as possible. If you have sensitive information, we ask you to use the encrypted method.