Sublett Consulting

Sublett Consulting is based in San Mateo, CA. They work with startups, SMBs, and mid-market companies. They primarily serve clients in Healthcare and Technology.

Sublett Consulting is a certified cyber risk expert firm founded in 2011 by Christine Sublett, specializing in information security, privacy, and risk management for early to mid-stage health tech, medical device, digital health, and cybersecurity companies.

Who Sublett Consulting May Be a Fit For

Based on Sublett Consulting's experience and focus areas, these buyer profiles are likely a strong fit. Confirm details directly with the firm before making a decision.

• Companies in Healthcare, Technology looking for a firm with sector-specific experience.
• Startup, SMB, and Mid-Market organizations that want a firm experienced with companies at their stage and budget level.
• Teams using Thoropass who want a firm already familiar with their compliance tooling.

What to Evaluate Before Engaging This Readiness Partner

Before engaging a SOC 2 readiness partner, evaluate the following to make sure the firm is the right fit. A strong readiness engagement sets the foundation for a smoother formal audit.

Read more: How to choose the right SOC 2 firm · SOC 2 audit cost guide

Questions to Ask Sublett Consulting

Use these practical questions during an introductory call to evaluate fit, scope, and working style.

• How many SOC 2 readiness engagements does your team complete per year?
• What is your experience preparing Healthcare companies for SOC 2?
• How do you work with clients using Thoropass?
• Is pricing fixed-fee or time-and-materials?
• What is the expected timeline from kickoff to audit readiness?
• Do you have audit firm partners you recommend once we are ready?
• Who will be my day-to-day point of contact?
• Can you share a sample engagement letter or deliverable?

See all recommended questions: Questions to ask your SOC 2 partner →

About Sublett Consulting and SOC 2 Readiness

What industries does Sublett Consulting have SOC 2 experience in?

Sublett Consulting serves clients in Healthcare and Technology. Working with a readiness partner that understands your industry helps ensure the right controls are in place before your formal audit begins.

What size companies does Sublett Consulting work with?

Sublett Consulting works with startup, SMB, and mid-market companies. Their experience with earlier-stage companies suggests familiarity with leaner control environments and tighter budgets. A readiness partner matched to your company stage will better understand your control environment and offer pricing that fits your budget.

Does Sublett Consulting work with compliance platforms like Thoropass?

Yes. Sublett Consulting has experience with clients using Thoropass. A readiness partner familiar with your platform can help you map controls to evidence more efficiently and reduce friction when the formal audit begins.

Where is Sublett Consulting located?

Sublett Consulting is headquartered in San Mateo, CA. SOC 2 engagements are typically conducted remotely, so industry experience and platform familiarity matter more than physical location, though overlapping time zones can make coordination easier.

How do I know if Sublett Consulting is the right SOC 2 readiness partner for my company?

Start by comparing Sublett Consulting's industry experience, platform support, and pricing against at least three other readiness partners. Ask each firm for references from companies similar to yours in size and sector. Review their track record of helping companies achieve clean SOC 2 reports. Finally, verify that their proposed timeline aligns with your compliance deadline.

What makes Sublett Consulting different from other SOC 2 readiness firms?

Sublett Consulting specializes in Healthcare and Technology companies and integrates with Thoropass, giving them a narrower focus than most general-practice readiness consultants. That specialization typically translates to more relevant control recommendations and faster preparation.

Is Sublett Consulting a good fit for first-time SOC 2 preparation?

Sublett Consulting works with Seed, SMB, Mid-market companies, which suggests familiarity with organizations at various stages of SOC 2 maturity. If this is your first time, ask about their gap analysis process, how they help design controls, and what deliverables you will receive at the end of the engagement.

How does Sublett Consulting's pricing compare to other SOC 2 readiness firms?

Sublett Consulting's listed pricing is Custom quote. SOC 2 readiness costs vary based on scope, company size, and how much hands-on help you need fixing gaps. Request line-item proposals from multiple firms to make an informed comparison.

Sublett Consulting vs Other SOC 2 Readiness Firms

This table shows how Sublett Consulting stacks up against other SOC 2 auditors across pricing, audit timeline, industry specialization, and platform compatibility.

Best SOC 2 Readiness Partner for Healthcare

How Much Does Sublett Consulting Charge for SOC 2 Readiness?

SOC 2 audit pricing depends on engagement scope, audit type, and firm. Here is what we know about Sublett Consulting's pricing and the factors that affect cost.

Factors that affect SOC 2 audit cost

For a detailed breakdown: How much does a SOC 2 audit cost?

SOC 2 Firms Similar to Sublett Consulting

Compare Alternatives to Sublett Consulting

Evaluating multiple SOC 2 auditors helps you compare pricing, timelines, and industry expertise. These firms serve a similar market.

Browse by Category

• Healthcare SOC 2 auditors
• Technology SOC 2 auditors
• SOC 2 auditors for Thoropass
• Startup SOC 2 auditors
• SMB SOC 2 auditors
• Mid-Market SOC 2 auditors