Service Organization Control (SOC) is a trust-based cybersecurity framework and auditing standard designed by the American Institute of Certified Public Accountants (AICPA) to demonstrate a service provider’s operational controls. The Trust Services Criteria are grouped across the following:

• Security
• Availability
• Processing Integrity
• Confidentiality
• Privacy

Who does it apply to?

The SOC2 standard is intended to indicate a service provider’s ability to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to the security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. The SOC2 control requirements can be validated by a type 1 or type 2 audit report. A type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls.

How can Socium Security help?

Socium Security can provide assessment and readiness services for organizations that need to meet internal or external stakeholder expectations using the SOC2 audits and reports. We also have partners who can are licensed to conduct the audit and reporting services to complete the cycle.