From Chaos to Certification: My Journey to Revamping IT and Achieving SOC 2


Could you provide insights on how you managed to overhaul a small office’s IT infrastructure, implement robust security measures, and prepare for a SOC 2 audit, all while fostering a positive work environment and ensuring business continuity?


When I joined the small office three years ago, the transition from the previous Managed Service Provider (MSP) was less than ideal. Just one month in, we faced a critical challenge: the office servers failed. This crisis became an opportunity to not only recover lost data but to rebuild and enhance our IT infrastructure from the ground up.

Cloud Migration and Infrastructure Overhaul

The first step was to migrate our hosting infrastructure to the cloud. This move not only provided us with more reliable uptime but also offered scalability to accommodate our growing needs. The process involved meticulous planning and execution to ensure a seamless transition, minimizing downtime and disruption to our operations.

Enhancing Security and Documentation

Security is paramount, so I initiated a cleanup of our documentation. A widely accessible Confluence page with a list of usernames and passwords was replaced with a secure password manager. This change significantly reduced the risk of unauthorized access.

Disaster Recovery and Backups

A robust disaster recovery policy was put in place, complete with regular process tests. We also enabled proper backups, both internal and hosted, ensuring that our data remains safe in any eventuality.

Network and Equipment Standardization

Standardizing our internal network and office equipment was another critical step. It not only improved efficiency but also reduced the complexity of managing our IT assets. System monitoring for our hosting servers was implemented, providing real-time insights into our network’s health.

Streamlining Onboarding and Company Growth

As the company tripled in size, an actual onboarding process for new hires was essential. Managing this process effectively was key to integrating new team members smoothly into our operations.

SOC 2 Audit and Certification

Perhaps the most significant achievement was the work done towards our SOC 2 audit and certification. This rigorous process involved enhancing our security measures, policies, and procedures to meet the high standards required for certification.

Preparing for the Future

While I don’t plan to leave my current position, I’ve prepared the company for my potential absence. This includes documenting critical systems, setting up a password manager, and creating break-glass accounts with multi-part passwords shared among higher-ups.

Fostering a Positive Work Environment

Lastly, to foster a positive work environment, I built a Minecraft server for the office during Christmas. It was a unique way to bring the team together, and I even secured a purchase order to buy the game for those who didn’t have it.

In conclusion, overhauling a small office’s IT infrastructure and preparing for a SOC 2 audit while maintaining a positive work environment is a multifaceted challenge. It requires a balance of technical skills, meticulous planning, and a focus on team morale. The journey has been rewarding, and the results speak for themselves: a more secure, efficient, and happy workplace.

I hope this article provides a comprehensive answer to your question and offers valuable insights into the process of transforming a small office’s IT landscape.

