Market size of compliance/audit software
To find information and statistics about the total spend on SOC 2 compliance in the U.S. every year.
- SOC 2, a certification developed by the American Institute of CPAs (AICPA), was designed specifically for companies that provide services through the cloud and store customer data.
- Before 2014, these companies only had to meet SOC 1 (SSAE 16) compliance requirements.
- Since then, technology companies have been expected to be SOC 2 compliant, most importantly when they use the Cloud to store customer data.
- This is usually the case in the Software as a Service (SaaS) sector.
- The SOC 2 attestation is completely voluntary, but companies that have it are more trustworthy.
- It applies to all companies that use the Cloud to process and store customer data and has been developed in response to increasing concerns over data privacy and security.
- Any service provider handling sensitive customer data, as well as its sub-contractors, should have to be SOC 2 compliant.
- Industries that need to be SOC 2 compliant include IT security management and Software-as-a-Service (SaaS) vendors.
When to Conduct the Audit
- Most startups conduct this audit when they reach their B or C round of funding.
- The SOC 2 audit should be conducted every year.
SOC 2 Type I
SOC 2 Type II
- Given that there is a lack of data linked directly to the size of the SOC 2 market in the U.S., we can provide some estimates using the statistics gathered such as the number of SaaS companies in the U.S. and the cost of these SOC 2 audits.
- If we assume that most of the SaaS companies in the U.S. conduct SOC 2 audits, we can use a percentage close to 75%, and we can also assume that the cost would be between $20,000 and $100,000.
- We can assume an average of 9,000 SaaS companies in the U.S.
- For the audit cost, we will use the average of that range, which is $60,000.
- Therefore, we can assume that the total estimated SOC 2 spend in the U.S. every year would be (75% × 9,000) × $60,000 = $405,000,000.
- The total would be estimated at $405 million.