Open Nav
Sign Up

 Sharing the SOC2 Audit Journey at AI21 Labs

Sharing the SOC2 Audit Journey

Alex Feldberg

June 19, 2023

At OP Innovate, we offer a range of services to our customers, including Pen Testing as a service (PTaaS) and Incident response. Another service we provide is CISO as a Service. In this regard, I would like to share my recent involvement in a successful SOC 2 audit process with our valued customer, AI21 Labs.

I am proud to have been part of yet another successful SOC 2 audit process. reinforcing our commitment to data security and privacy. As a Chief Information Security Officer (CISO), I wanted to take a moment to share the main topics, experiences, and recommendations from this significant milestone.

SOC2 Audit Scope and Objectives

The SOC2 audit was designed to evaluate the effectiveness of internal controls and processes concerning security, availability, processing integrity, confidentiality, and privacy. The SOC2’s primary objective was to meet the organization’s business goals. The scope was defined early on to ensure that all relevant systems and services were included.

Documentation and Policies

Robust documentation and policies are essential for a smooth audit. We invested significant effort in developing comprehensive policies, procedures, and controls aligned with SOC2 requirements. This not only facilitated the audit process but also laid the foundation for a strong security culture. One of the greatest challenges of CISOs is making sure that policies and procedures align with the daily operations of the organization – Getting key stakeholders involved in the implementation of policies and procedures is an essential component of a successful audit.

Internal Readiness

Preparation is key to a successful SOC2 audit. We conducted thorough internal assessments, identifying gaps and taking corrective actions in advance. Regular internal audits helped us maintain a high level of compliance readiness throughout the journey.

Collaboration and Communication

Our audit process involved close collaboration between various teams, including IT, HR, Legal, and Operations. Effective communication channels and regular updates ensured everyone was aligned with the audit objectives, promoting a culture of accountability and teamwork. It is important to establish a point of contact between the company’s different teams, who will act as the de facto project manager.

Continuous Improvement

Completing the SOC2 audit is just the beginning. To uphold our commitment to data security, we must maintain an ongoing focus on continuous improvement. Moving forward, I recommend the following:

  • Regular Assessments: Conduct periodic assessments to evaluate the effectiveness of our controls and identify areas for enhancement.
  • Penetration Testing: Conducting regular penetration testing is an essential part of a comprehensive cybersecurity strategy. It involves simulating real-world attacks to identify vulnerabilities and weaknesses in an organization’s systems, networks, or applications. By proactively identifying and addressing these vulnerabilities, organizations can improve their overall security posture
  • Training and Awareness: Invest in comprehensive training programs to ensure all employees understand their roles and responsibilities in maintaining SOC2 compliance.
  • Risk Management: Enhance our risk management practices to proactively identify and mitigate potential security risks, aligning with industry best practices.
  • Third-Party Management: Strengthen our vendor management program, ensuring that our partners uphold the same high standards of security and compliance.

Completing the SOC2 audit reinforces AI21 Labs’ commitment to data security, providing our customers with the assurance that their information is handled with the utmost care. The AI21 Labs team worked tirelessly to achieve this milestone and I would especially like to thank NISSIM MAATUK, who was responsible for all operations within the company.

Let’s now move on to the most important thing: Start a plan for continuous management that aligns SOC2 compliance measures at the next renewal.

Resources highlights

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls The UK’s National Cyber Security Centre (NCSC) has issued an alert regarding a sophisticated malware campaign dubbed “UMBRELLA…

Read more >

umbrella stand fortinet

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

A critical local privilege escalation vulnerability in the Notepad++ v8.8.1 installer allows attackers to escalate to NT AUTHORITY\SYSTEM using binary planting techniques. Tracked as CVE-2025-49144,…

Read more >

CVE-2025-49144

Our Red Team’s Favorite Penetration Testing Tools in 2025 (And How We Use Them)

When it comes to red team operations, the tools you choose can make or break the engagement. From initial reconnaissance to post-exploitation, having a streamlined,…

Read more >

pentesting tools - op

New Linux Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Enable Full Root Access in Seconds

Security researchers have uncovered a critical privilege escalation chain in major Linux distributions that allows any local user with a session (SSH or GUI) to…

Read more >

CVE-2025-6018, CVE-2025-6019

Zero to Hero: How Our Red Team Turned a Sticky Note Into Full Cloud Compromise

“The weakest link in your security chain might be sitting right on your desk.” At OP Innovate, our CREST-certified red team is trained to think…

Read more >

OP Innovate Red Team

One-Third of All Grafana Instances Vulnerable to XSS (CVE-2025-4123)

Over 46,000 internet-facing Grafana servers (≈36 % of those online) are still running versions susceptible to CVE-2025-4123, a high-severity open-redirect that chains into stored cross-site…

Read more >

CVE-2025-4123
Under Cyber Attack?

Fill out the form and we will contact you immediately.