This presentation aims to provide an overview of building and auditing IT compliance programs using SOC 2 and ISO 27001 as leading frameworks. We will discuss similarities and differences between the frameworks and describe which use cases each framework should be applied. Our emphasis will be on leveraging the human element and approach to ensure success.