The Trustero platform now generates a SOC 2 system description on demand, eliminating the need for weeks of manual work and costly consulting fees.
The system description is a critical part of a SOC 2 report (section III) that each company needs to produce and is essential for describing the scope of the system that is covered by a SOC 2 audit. This document is typically 20+ pages long and must be completed by the client. Consultants often charge thousands of dollars to create this document.
To create the system description, the Trustero platform relies on two key information sources:
- A template system description, designed by Trustero’s GRC experts, informed by best practices from countless SOC 2 audits.
- Client information stored in the Trustero platform, like the company’s architecture diagram and information about primary infrastructure and supporting tools.
The system description generator fills in the template with the client information to produce a first draft that is downloaded as a Word document. The draft contains a few items that must be completed offline and some clients may wish to tailor it further.
The system shows each piece of required information, highlighting if anything is missing.
Generating a new SOC 2 System Description Document
Once generated, the file is available as a Word document that can be completed offline and then added back to the platform, where it is available to other collaborators and auditors.
Generated System Description, with completed Supporting Tools section, shown in Word
To use this feature, navigate to Company Info → System Description and push the “Generate System Description” button.
Uploading Completed System Description
To add the complete System Description Word document back to the platform, navigate to System Description and press the “+” button on the left to upload the file.
Note: this option is only available if you are using the SOC 2 framework in your account.
Note to clients who used the previous version:
Previously Trustero had separate DC1 - DC9 sections for each piece of the system description in the Company Info page. If you used those in the past, they will remain visible in your account until December 1, 2024. After that date, those sections will no longer be visible. In the meantime, we encourage you to download any data you have in there and migrate to the new feature.