SOC 2 Academy: Preparing for Current and Future Availability Needs

Author: kirkpatrickprice00

Description: Learn more at

In the simplest terms, the availability category for SOC 2 compliance asks organizations if their system is available for operation and use as agreed upon. For organizations that need to include availability in their SOC 2 audits, such as cloud service providers or storage facilities, preparing for current and future availability needs is a necessity. For example, if a data center doesn’t maintain, monitor, or evaluate the current processing capacity of their system, they might have an outage that would make their systems unavailable, which would greatly impact their customers’ business continuity. Because of this, when an auditor assesses an organization’s compliance with availability 1.1, they’ll use the following points of focus as a guide:
- Does the entity measure the current usage to establish a baseline for capacity management?
- Does the entity forecast the expected average and peak use of their system components?
- Does the entity make changes to their system based on the forecasts?

Stay Connected

More Free Resources
White Papers:

About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.

For more about KirkpatrickPrice:
Contact us today: 800-770-2701