Market size of compliance/audit software

Goals

To find information and statistics about the total spend on SOC2 compliance in the U.S. every year.

Early Findings

SOC 2

  • This certification developed by the American Institute of CPAs (AICPA) was designed specifically for companies providing services through the cloud and who store customer data.
  • Before 2014, these companies only had to meet SOC 1 (SSAE 16) compliance requirements.
  • Since then, technology companies are now expected to be SOC 2 compliant, most importantly when they use the Cloud to store customer data.
  • This is usually the case in the Software as a Service (SaaS) sector.
  • However, the SOC 2 attestation is completely voluntary, but companies that have it are more trustworthy.
  • It applies to all companies that use the Cloud to process and store customer data and has been developed in response to increasing concerns over data privacy and security.
  • Any service provider handling sensitive customer data should have to be SOC2 compliant as well as their sub-contractors.
  • Industries that need to be SOC 2 compliant include Cloud computing , IT security management, and Software-as-a-Service (SaaS) vendors.

When to Conduct the Audit

  • Most startups conduct this audit when they reach their B or C round of funding.
  • This SOC2 audit should be conducted every year.

SOC 2 Type I

SOC 2 Type II

SaaS Companies

Estimate

  • Given that there is a lack of data linked directly to the size of the SOC 2 market in the U.S., we can provide some estimates using the statistics gathered such as the number of SaaS companies in the U.S. and the cost of these SOC 2 audits.
  • If we assume that most of the SaaS companies in the U.S. conduct SOC 2 audits, we can use a percentage close to 75%, and we can also assume that the cost would be between $20,000 and $100,000.
  • We can assume an average of 9,000 SaaS companies in the U.S.
  • In this case we will use the average which is $60,000.
  • Therefore, we can assume that the total estimated SOC 2 spend in the U.S. every year would be (75%*9,000)*60,000 =405,000,000.
  • The total would be estimated at $405 million.




Proposed next steps:

You need to be the project owner to select a next step.