A SOC 2 report provides assurance that the service organization has deployed an effective control system to mitigate operational and compliance risks of its system. It addresses the System and Organization Controls (SOC) using Trust Services Criteria (TSC) for service organizations to apply and report on controls that may affect users of their service. A SOC 2 report demonstrates an independent Service Auditor’s review of a service organization’s application of criteria related to one or more of the TSC, which are: Security, Availability, Processing Integrity, Confidentiality and Privacy.
Trust Services are defined as a set of professional attestation and advisory services based on principles and criteria that address the risks and opportunities of IT-enabled systems and privacy programs. Trust Services principles and criteria are issued by AICPA and the Canadian Institute of Chartered Accountants (CICA). Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy provides guidance for practitioners providing assurance services or advisory services (or both) on IT-enabled systems, including electronic commerce (e-commerce) systems. It is particularly relevant when providing services related to security, availability, processing integrity, confidentiality and privacy.
The Trust Services principles and criteria are organized into four broad areas: