Developed by the American Institute of CPAs (AICPA), SOC 2 compliance is a component of the Service Organization Control reporting platform, which defines criteria for managing customer data based on five “trust service principles”: security, availability, processing integrity, confidentiality, and privacy.
SOC 2 is both a technical audit and a requirement that comprehensive information security policies and procedures are not only written but also implemented and followed.
These reports are intended to meet the needs of a broad range of users who need detailed information and assurance about the controls at a service organization relevant to the security, availability, and processing integrity of the systems the service organization uses to process users’ data, and to the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:
There are two types of report: a type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports is restricted.
In our opinion, in all material respects —
Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
Views from AICPA staff and the AICPA Assurance Services Executive Committee’s SOC 2 Working Group.