SOC 2 is a reporting standard used to assess a business’ internal controls related to Information Technology. It is based around the Trust Principles of Security, Availability, Integrity of processing, Confidentiality and Privacy.
What is SOC 2?
SOC 2 is short for Service Organisation Controls.
These controls help businesses that outsource IT to understand the policies, procedures and processes that cloud service providers use in their solutions.
Why Does SOC 2 Matter?
Companies that rely on third-party service providers for their IT services need to know that their information is secure when operating in the cloud.
In some locations, legislation indicates companies may only handle data in the cloud when following a stringent set of requirements. These requirements are often met by SOC 2. In that sense, a SOC 2 audit enables an IT solution provider to work with a broader range of companies – especially those who require security certifications.
Why Are There 2 Types of SOC 2?
There are two varieties of SOC 2 reports: SOC 2 Type 1 and SOC 2 Type 2. The differences between the reports are significant.
SOC 2 Type 1: This report assesses the description of the controls and the documentation around the controls. This is a point-in-time assessment of the description of the controls and their capability to protect a system and sensitive information.
SOC 2 Type 2: This report requires an assessment of the controls and the documentation, plus it actually tests that the controls function as they are intended to. CYDEF is undertaking the SOC 2 Type 2 audit so our clients and partners know exactly what we are doing to protect sensitive data.
Is There a SOC 1?
SOC 1 is used to measure the financial controls performed by a service organisation.
The SOC 2 report follows the same approach, but is focused on the controls over IT.
What Does the SOC 2 Audit Include?
The SOC 2 reporting standard is an audit opinion report over internal controls related to Information Technology. It is based around the Trust Principles of Security, Availability, Integrity of processing, Confidentiality and Privacy.
These audits are performed by professional assurance and advisory service providers, also known as Certified Professional Accountants.
The SOC 2 audit process is lengthy. It begins with a Scoping & Readiness assessment and finishes with a formal audit by a CPA firm. This process takes months to complete.
Once the audit is complete, an annual compliance audit is performed. This ongoing commitment to SOC 2 ensures that your data, IP, and sensitive information are secure with CYDEF.
How Will my Business Benefit from Working with a SOC 2 IT Provider?
- Credibility: You can trust that CYDEF is a secure solution provider based on the audit results.
- Confidence: SOC 2 requires the completion of a standard assessment by a certified third-party auditor. The resulting report indicates that CYDEF complies with SOC 2 standards, which signals to your business that CYDEF can keep your data secure in the cloud.
- Clarity: A SOC 2 report clearly outlines the processes and controls at CYDEF. That way, your business knows which controls have been applied to keep your business safe.
CYDEF Approaches SOC 2 Completion
In the coming months, CYDEF will be completing the final stages of the SOC 2 audit.
A SOC 2 report demonstrates privacy compliance and a commitment to security. If you’re curious about what this means to your organization, contact us. We’re in the business of talking security.