We are in the process of ensuring that our organization is SOC 2 compliant. We have a Security & Compliance Circle that is charged with handling this. We aren't really having any issues, but we thought it would be good to see if anyone else in the Holacracy community is attempting to become SOC 2 compliant. If so, we'd like to collaborate: please contact me on this thread or via private message.
For those that are curious, SOC 2 is a reporting framework that organizations can follow to inform interested parties that they meet certain process standards (kind of like ISO). Here's a little more information: http://ssae16.com/
Geoff, I have had organizations needing to comply with various auditing or other standards. I recommend to start out with a role that can champion and implement what is needed regarding this. Then you have the issue of needing to encode anything you want to expect into governance. Hope you will keep us posted on your progress!