How to get SOC 2 Compliance

SOC 2 Compliance

What is SOC 2?

The requirements of System and Organization Control 2 are established by the American Institute of CPAs.  SOC 2 defines criteria for managing customer data based on the five “Trust Service Principles”—security, availability, processing integrity, confidentiality and privacy.

SOC 2 Compliance

A SOC 2 is a System and Organization Control 2 report. A SOC 2 report illustrate that service organizations receive and share with stakeholders to demonstrate that general IT controls are in place to secure the service provided.

SOC 2 is NOT a Certification

A SOC 2 is NOT a Certification but an audit report compiled by the Certified Public Accountants  under the AICPA’s (American Institute of Certified Public Accountants). A CPA firm attests that controls are in place and either designed effectively.

SOC 2 Report Structure

  • Independent auditor report
  • Management’s Assertion
  • Description of the system
  • Auditor’s test o controls and result of tests
SOC 2 Audit

Call SOC 2 Consultant at +44 02034 888 333

What is difference between SOC 2 Type1 Report and SOC 2 Type 2 Report?

 

SOC 2 Type I report empahasize on the description of a service organization’s system, related control objectives, and the suitability of controls to achieve those objectives of a specific date and represents an auditor’s review and approval of your systems at that moment in time;

 

SOC 2 Type II report shows not only that you understand the necessary security procedures with the addition of an assessment of the operating effectiveness of the controls to achieve the control objectives throughout a period of several months. 

 

thomascsyu

thomascsyu

Leave a Replay

About Me

Over 19 Year in ISO Certification Consulting industry. Many stories I heard from client, auditors and friends

Recent Posts

Follow Us

Sign up for our Newsletter

Welcome to subscribe

Scroll to Top

Get Quote Now

Office Hour: 9:00- 18:00

Tel : 2366 4622

 Email : info@gabriel.hk