What is SOC 2 ?

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

A SOC 2 report is designed to meet a wide range of information needs about controls in a service company.

SOC 2 offers information service providers (such as software companies) a way to verify their controls to protect and secure the data, as well as making sure they are accessible.

SOC 2

The SOC 2, principles:

Security: The system is protected against unauthorized access, use or modification to comply with the entity's commitments and system requirements.

Availability: The system is available for operation and use to comply with the entity's commitments and system requirements.

Integrity of processing: System processing is complete, valid, accurate, timely and authorized to comply with the commitments of the entity and the requirements of the system.

Integrity of processing: System processing is complete, valid, accurate, timely and authorized to comply with the commitments of the entity and the requirements of the system.

Privacy: Personal information is collected, used, retained, disclosed and arranged to comply with the commitments of the entity and the requirements of the system.