What is a SOC 2?

A SOC 2 is a report on System and Organizational Controls (SOC) at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. These reports are intended to meet the needs of a broad range of users who need detailed information and assurance about two things: the controls at a service organization relevant to the security, availability, and processing integrity of the systems it uses to process users’ data, and the confidentiality and privacy of the information processed by these systems.

These reports can play an important role in:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Organizations are under increasing pressure to demonstrate that they are managing cybersecurity threats and have effective processes and controls in place to prevent and detect breaches that could disrupt their business, result in financial losses, or destroy their reputation.

  1. A SOC 2 Type 2 report is a description of a service organization’s system and the suitability of the design and operating effectiveness of controls.
  2. A SOC for Cybersecurity report is a description of the entity’s cybersecurity risk management program and the effectiveness of controls within that program to achieve the entity’s cybersecurity objectives, measured during an examination performed by CPAs (practitioners).