
CASE STUDY | TECHNICAL & COMPLIANCE COMMUNICATIONS
Supporting SOC 2 Certification Initiative
Strategic Focus: Translating technical and compliance-driven initiatives into clear, accessible internal communication.
TL;DR
Partnered with the CIO/CISO to translate complex security and SOC 2 initiatives into clear internal communication, helping employees understand expectations and adopt secure practices.
To protect confidentiality, company names have been anonymized. The scope, complexity, and outcomes reflect real-world internal communications work.
The Situation
As the company pursued its first SOC 2 certification, leadership needed to formalize and document security controls across the organization. For many employees, this introduced new requirements, terminology, and behavioral expectations. The initiative carried operational and reputational risk. Clear, consistent internal communication was essential.
The Challenge
SOC 2 introduced technical concepts and control requirements that were unfamiliar to much of the organization. Without careful translation, the initiative risked being perceived as confusing, burdensome, or purely technical. Employees needed to understand:
- Why the certification mattered
- What changes were required
- How their day-to-day behaviors supported compliance
- What milestones were being achieved
This was not simply an informational effort; it required clarity, trust, and alignment in behavior.
My Role
I partnered directly with the CIO/CISO to support the internal rollout of SOC 2. My responsibility was to translate technical language into accessible messaging, create centralized resources, and ensure the organization understood both the purpose and the impact of the initiative.
What I Did
Built a Centralized Intranet Hub
- Created a dedicated SOC 2 resource center
- Consolidated updates, FAQs, documentation, and training links
- Provided a single source of truth for employees
Simplified Technical Language
- Translated security terminology into clear, plain language
- Drafted FAQs addressing common employee concerns
- Developed messaging that balanced transparency with risk sensitivity
Supported Behavior Change
- Communicated new password and access control protocols
- Reinforced required training and documentation standards
- Clarified employee responsibilities in maintaining compliance
Communicated Audit Milestones
- Shared progress updates at key points in the certification process
- Reinforced organizational accountability
- Maintained visibility without creating unnecessary alarm
The Outcome
- Supported successful SOC 2 certification preparations
- Increased employee understanding of security and compliance requirements
- Reduced confusion through centralized resources and plain-language FAQs
- Strengthened cross-functional partnership between communications and IT/security leadership
- Established a repeatable model for future compliance-driven initiatives
Key Skills Demonstrated
Technical Translation
Compliance Communication
Executive & IT Partnership
Change Enablement
Risk-Sensitive Messaging