NorthPoint Credit Union serves businesses and consumers across two regional branches, providing retail banking, lending, and digital financial services. While the organization maintained a mature security environment, preparing for a SOC 2 Type II audit required far more than technical controls alone. By combining governance, documentation, security improvements, and continuous evidence collection, AstroIT helped NorthPoint successfully complete its first SOC 2 Type II audit while building a stronger long-term compliance program.

A regional credit union passed its SOC 2 audit on the first attempt.
Through a structured gap assessment, policy development, and technical security improvements, NorthPoint Credit Union achieved a successful first-pass SOC 2 Type II audit in just 14 weeks.
First-pass SOC 2 Type II success
Industry: Financial Services
Locations: 2 branches
Engagement: Compliance Services
Client Since: 2023
NorthPoint Credit Union
Strong security, but no framework tying everything together
NorthPoint had invested in cybersecurity over several years, but policies, documentation, and operational controls had evolved independently. While many technical safeguards already existed, there was little evidence demonstrating that controls were consistently reviewed and maintained.
With a SOC 2 Type II audit approaching, leadership needed to close documentation gaps, strengthen governance, and ensure every security control could be supported with clear, audit-ready evidence.
"The technology was there. The challenge was proving every control worked consistently and documenting it the right way."
— NorthPoint Credit Union, Chief Information Officer
A compliance program built around continuous evidence
AstroIT delivered a structured compliance engagement covering governance, security policies, technical remediation, and ongoing evidence collection, ensuring the organization entered the audit fully prepared.
Gap Assessment: Reviewed existing security controls against SOC 2 Trust Services Criteria.
Policy Development: Created standardized security policies, procedures, and operational documentation.
Security Control Improvements: Strengthened identity management, monitoring, and endpoint protection.
Continuous Evidence Collection: Established ongoing documentation and reporting for future audits.
Audit-ready in 14 weeks
Gap Assessment: Reviewed technical controls, policies, documentation, and operational procedures.
Control Remediation: Implemented recommended security improvements and governance updates.
Documentation & Evidence: Prepared audit evidence, policy acknowledgements, and operational records.
Mock Audit: Performed an internal readiness review before the external SOC 2 assessment.
"Instead of scrambling before the audit, we walked in knowing every control had supporting evidence. The entire process was far smoother than we expected."
Emily Carter, Chief Information Officer, NorthPoint Credit Union
