Compliance Readiness Framework for SOC 2 / ISO 27001
Overview
In a fast-moving tech environment, I contributed to the development of a compliance readiness framework aimed at helping the organization meet SOC 2 and ISO 27001 standards. The focus was on clarity, control mapping, and cross-team collaboration to prepare for a clean external audit within 6–12 months.
My Role
I supported the compliance effort by identifying gaps, mapping controls to key frameworks, and developing documentation to support a future audit. The goal was to create a repeatable structure the business could scale as it matured.
Key Contributions
- Control Mapping: Aligned technical and administrative controls with SOC 2 Trust Services Criteria and ISO 27001 clauses using simplified spreadsheets and templates.
- Gap Identification: Conducted informal gap assessments across IT, HR, and legal processes, focusing on access control, change management, and vendor oversight.
- Policy Drafting: Helped write and standardize key policies (e.g., Acceptable Use, Access Management, Incident Response) in preparation for audit readiness.
- Audit Simulation Support: Contributed to mock audit documentation requests and helped streamline evidence collection processes.
What It Demonstrates
- Solid understanding of compliance frameworks (SOC 2, ISO 27001)
- Ability to translate controls into process improvements
- Cross-functional collaboration with legal, IT, and people teams
- Strategic thinking for scalable governance
Tools & Concepts Used
- Frameworks: SOC 2, ISO 27001, NIST CSF (light reference)
- Tools: Manual templates (e.g., Confluence + Excel), simulated Vanta-like workflows
- Artifacts: Policy templates, control matrix, internal audit prep checklist