To view this content in our official product documentation, click here.
Introduction
SOC 2 (Service Organisation Control Type 2) is a cybersecurity framework that assesses how well a service organisation protects client data.
{% embed url="https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2" %}
Purpose
Developed by the American Institute of Certified Public Accountants (AICPA), the purpose of SOC 2 is to:
- Ensure that client data is handled securely by third-party service providers
- Build trust between a company and its customers
- Demonstrate a company's maturity in handling customer data
The SOC 2 report
The SOC 2 report evaluates controls against the Trust Services Criteria, focusing on controls in five categories:
The Patchworks SOC 2 report is available upon request.
Security
Information and systems are protected against unauthorised access/disclosure, and damage to the system that could compromise availability, confidentiality, integrity and privacy. Protections include:
- Firewalls
- Intrusion detection
- Multi-factor authentication
Availability
Systems, tools, and processes are in place to ensure systems are available for operational use. These include:
- Performance monitoring
- Disaster recovery
- Incident handling
Confidentiality
Systems, tools, and processes are in place to ensure information is protected and available on a legitimate, need-to-know basis (applies to various types of sensitive information). These include:
- Encryption
- Access controls
- Firewalls
Processing integrity
Resources, tools and processes are in place to ensure system processing is complete, valid, accurate, timely and authorised. These include
- Quality assurance
- Process monitoring
- Adherence to principle
Privacy
Systems, tools, and processes are in place to ensure personal information is collected, used, retained, disclosed and disposed of according to policy (privacy applies only to personal information). These include:
- Access control
- Multi-factor authentication
- Encryption
Comments
0 comments
Please sign in to leave a comment.