Our resource center for all things Compliance

Frequently Asked Questions

The most common questions we get.

6 answers

A Type-1 audit is conducted at a point in time. Type-1 shows what’s in place to get compliant. A Type-2 audit is a much broader and comprehensive audit which inspects the effectiveness of control operations across a period of time (usually 6-12 months). Type-2 shows how you’re staying compliant over time. We provide evidence collection, monitoring, and real-time auditor feedback over that entire span of time.

Unlike PCI, only a CPA firm can provide a signed SOC-2 report. We help you Control the SOC 2 Compliance process, prepare and facilitate the audit, and act as an internal audit team to help you pass without the pain. But we cannot grant a SOC-2 report. We're happy to connect you with one of our audit partners to get it done quickly!

There are currently five Trust Services Criteria: Security, Availability, Confidentiality, Privacy and Processing Integrity. Most organizations start their compliance journey focused on Security, then build a compliance roadmap across other criteria over time.

Control is the Very Good Security’s Compliance Platform. Many compliance frameworks have common criteria. This means that, for example, adherence to a PCI Control, can also apply to a HIPAA control. We cover multiple compliance frameworks, including ISO 270001, PCI, HIPAA, GDPR, CCPA and more.

SOC 2 applies to a much broader range of organizations, and focus on the security, availability, confidentiality, processing integrity, and/or privacy of customer data. PCI on the other hand, has a narrower focus, specific to organizations that accept, store, process, or transmit cardholder data.

No. There’s obvious benefits that you should seriously consider; like immediate compliance across dozens of data related control criteria. But it’s not a requirement. We see many customers starting with Control and adding the VGS Vault as they grow their security posture.


Issues related to payments or invoicing.

3 answers

VGS Control is an annually renewed platform in order to provide value over time in renewing your audits. The annual fee can be paid all once, or in monthly installments.

Contact your account representative, or email us at

While we don't offer referral codes, please let your account manager know anything that may be determining your budget. We're happy to work with you on pricing!


Issues related to logging in, out, or about multiple devices.

4 answers

Our accounts automatically timeout your login after 24 hours, if you're losing access faster than that, check that your cookies and cache are not being automatically cleared. Try turning off any browser extensions on our page. If you continue to have any issues, please contact your account representative.

Please contact your account representative directly or email us at

We should connect to determine which compliance frameworks you're pursuing, if we can help by providing an auditor or pentester, and to walk you through some of our cool paid features.

We support SSO via Google login, as well as regular email based accounts. MFA is coming soon! We also support RBAC for user accounts invited to the platform.

Get it done

Sign up for a free account today

Sign up today to receive the Security Foundations Controls Collection and begin your compliance journey now.

Start for free