SOC 2 Security Awareness Training for Employees

Curricula educates your employees about SOC 2 compliance with a simple and fun security awareness training program. Launch a fun, employee-friendly security awareness training program to start speaking the language of SOC 2 security controls.

🍿 Watch the Trailer

FREE for up to 1,000 employees. Setup in 15 minutes.

Find out why SaaS companies trust Curricula for their SOC 2 training

Companies that trust Curricula for their SOC 2 training

Fun SOC 2 training for every employee

Struggling to train your employees about the importance of SOC 2? Instead of a boring email or an all-hands meeting, you'll have access to our fun, animated training content that describes all the basics of SOC 2 for your employees.

🍿 Want to see it in action? Watch the trailer video below 👇

Click Here to Watch the Full Episode

Security training is never a one-and-done. Employees need to be part of the SOC 2 conversation from the get-go. Curricula is a compelling way to make security education fun so employees actually learn from their training.

Adam Markowitz
Adam Markowitz
CEO, Drata

A Platform Startups Love

There's a reason why startups choose Curricula for their SOC 2 security training. We're simple, fun, and effective. Learn how you can bring your security culture to life with the Curricula platform.

Oh yeah and Curricula is completely FREE
for up to 1,000 employees.

Start learning with your FREE account

FREE SOC 2 Startup Kit

Startups need help building their security awareness program for SOC 2. That’s why our free SOC 2 startup kit helps make your entire employee SOC 2 security training program a breeze.

What’s Included?

SOC 2 Training
A fun and simple episode designed to explain SOC 2 compliance concepts to your employees about protecting customer data.
Phishing and Cyber Security Training
Our core episodes to launch your SOC 2 security awareness training requirements.
Compliance Reporting
Simple compliance reports are automatically generated to hand off to your auditors proving your security awareness compliance in seconds.
LMS Platform
Set automatic enrollment dates, scoring, and launch custom training content to your employees in our web-based eLearning platform.
Notifications
Reminders and training notifications are sent out automatically to your employees, reminding them to complete their required training so you don’t have to lift a finger!
Phishing Simulator
Our integrated phishing simulator helps train employees using real-world simulated phishing tests sent by our character DeeDee.
Integrations
Sync up with your directory service to automatically have employees imported and deactivated within the Curricula platform.
Custom Content Creator
Build your own custom training content on any topic and launch within minutes. Make learning fun using our simple integrated design tools.
Downloads
Download security awareness posters and other fun content to further engage employees in your program.
Support
Our team is here to help every step of the way of your SOC 2 journey. Anything from designing your content schedule to running reports for your auditors, we’ll have your back.

Simple Reports That
SOC 2 Auditors Love

Everyone knows how stressful going through a SOC 2 compliance audit can be, but not with Curricula. Snapshot all of your security awareness training evidence and records in seconds. Your auditors will thank you for using Curricula to demonstrate SOC 2 compliance of your required security awareness training program.

Learn about Compliance Reports

Why You Should Be
SOC 2 Compliant

As your business grows, compliance regulations grow too. Your customers require your organization to achieve certain compliance certifications, such as SOC 2.

Curricula will help you achieve SOC 2 compliance by training your employees, documenting everything for the auditors, and do it all for less than a cup of coffee per employee. In just a few minutes you could be on your way to a safer, more effective SOC 2 information security awareness training program with Curricula.

Learn about SOC 2 Compliance

"Before finding out about Curricula we used a legacy security awareness vendor and it was a nightmare! Curricula made completing our SOC 2 training requirements so easy for me to manage and our employees love it."

Director of IT, SaaS Company

We GrowWith You

Every organization has a different maturity level of its security program. So whether you're just starting on your security journey or managing a mature security program, we have you covered with the plan that's right for you.

Add licenses and upgrade your plan as your security program grows right from within the Curricula platform. Not sure where you are? Take a look at our Simple Security Awareness Maturity Model.

Integrations

Wearing many hats is the name of the game when you’re a growing SaaS organization. Our integrations help with everything from employee syncing, notifications, and compliance management tools.

Explore All Integrations

SOC 2 FAQ

Below you will find some of the most frequently asked questions about SOC 2 ✌️

Is SOC 2 required for all SaaS companies?

No. In fact SOC 2 isn’t a legal requirement for anyone. But with that being said, SOC 2 is one of the most common compliance frameworks that organizations use to demonstrate security and compliance for protecting customer data. Typically your organization will be required to complete a SOC 2 audit as part of landing a customer contract. We are continuing to see this trend for SaaS companies to have their SOC 2 as a necessity instead of a nice to have.

What is the difference between SOC 2 Type 1 and SOC 2 Type 2?

SOC 2 offers a Type 1 and Type 2 report. The Type 1 report is a point-in-time snapshot of your organization’s controls, validated by tests to determine if those controls are working appropriately. The Type 2 report looks at the effectiveness of those same controls over an extended period of time – usually 6-12 months. A Type 2 report is the most common report organizations look to achieve to demonstrate they continue to maintain their SOC 2 compliance program.

Is security awareness training required for SOC 2?

Yes! Security awareness training is a requirement for SOC 2. You can design your security awareness training policy any way you would like, as long as you ensure that every employee is part of a formal security awareness training program and can provide evidence for it. Curricula helps your employees learn to speak the basic language of SOC 2 by giving every employee free access to our SOC 2, Phishing, and Intro to Cyber Security training episodes. Our team worked with industry experts and auditors to define a SOC 2 starter plan to get you up and running quickly to complete your SOC 2 training requirements.

Why is security awareness important for SOC 2?

Security awareness training is important because it’s the core of your employees’ knowledge about SOC 2. Curricula helps your employees learn to speak the basic language of SOC 2 by giving every employee free access to our SOC 2, Phishing, and Intro to Cyber Security training episodes. Employee buy-in is just as important as the security controls you are implementing. Think of security awareness training as the hype man behind all of your hard work and effort going into your SOC 2 compliance program.

What are some reasons companies are driven to SOC 2 compliance?

Trust. When your organization is discussing working with another organization, trust needs to be established. SOC 2 is a way to demonstrate that your customers can trust you by implementing a formal security program and focusing on protecting their data. Most organizations are required now to have a SOC 2 report as part of their contract with new vendors.

What are the 5 Trust Services Criteria for SOC 2?

Security is the only required criteria as part of any SOC 2 audit. Below is a summary of the 5 Trust Services Criteria.
1. Security: The security section of a SOC 2 audit examines both the physical and electronic forms of security in use.
2. Availability: Are your customers able to access the system as per contractual specifications?
3. Processing Integrity: If a company offers financial or e-commerce transactions, audit reports should include details on controls designed to safeguard transactions.
4. Confidentiality: Are there any restrictions on how data is shared? Include how data is stored, transferred, and accessed as well as adherence procedures for privacy policies.
5. Privacy: Unlike confidentiality, this area focuses on how your organization collects and uses customer information. Your privacy policy must align with actual operational procedures.

How do I define my SOC 2 security awareness training policy?

Most security and compliance automation vendors already have policies defined for security awareness training. It’s important to remember that YOU make YOUR OWN policies. The biggest mistake we see organizations do in their SOC 2 security awareness program is over-define their controls. Don’t make your requirements so complex that it’s challenging to keep up. That’s why Curricula has designed a program to get you started, keep you compliant, and make it simple for employees to complete annually.

Does SOC 2 tell me exactly what to do?

No. While SOC 2 may outline the controls needed, it is up to you and your organization to define what and how those controls operate. There is a lot of flexibility in SOC 2 that your auditor will ask how and why you got to your conclusion to implement those controls. Then they will ensure your defined controls are implemented and operating as expected. Our best advice is don’t overdue it.

Is Curricula SOC 2 compliant?

Curricula is currently in progress on our own SOC 2 compliance journey! We have implemented most of the required controls and are now gathering evidence to demonstrate evidence for our audit later in 2022.

How does Curricula help with SOC 2?

We are experts at security awareness training, Period. We don’t run SOC 2 audits for you or help you prep for them. Curricula provides your employees a simple security awareness training program designed to meet the SOC 2 requirements. We help your organization launch this program to every employee in less than 15 minutes and will help you provide evidence to your auditors.

Is Curricula really free for SOC 2?

Yes! Curricula is designed to grow with an organization and its needs starting from Day 1. Our free plan gives every startup the basic necessities to build and launch their first security awareness program effortlessly. Then as your security program matures, we offer additional paid plans that will unlock more content and tools for a mature security awareness program.

Ready to level-up your security culture?

Sign up for your Free Account. *No Credit Card Required.

© 2022 Curricula Group, Inc. All rights reserved.