Skip to main content
  • Register your SOC 2 report
    Company listings
  • SOC 2
    Secure outsourcing

Trust Services Criteria

SOC2

SOC 2 focuses on a business’s non-financial reporting controls as they relate to Security, Availability, Processing integrity, Confidentiality, and Privacy.

Outsourcing

More key IT functions are outsourced to service organizations as a consequence of cloud opportunities and global competition.

Trust Service Criteria

The Trust Service Criteria for Security, Availability, Processing integrity, Confidentiality, and Privacy are international recognized, because it represents an in-depth audit of a service organization’s control objectives and control activities, which include controls over internal control, security and related processes.

General IT Controls

SOC 2 is the international standard for assurance over IT Controls and supports in gaining confidence over business processes.

Attestation Services

SOC 2 / ISAE 3000 and SOC 1 / ISAE 3402 are the most common Service Organization Control reports. There are two types of reports, a Type I report and a Type II report. A Type I report is a report on design and existence of controls. A Type II also focuses on the operating effectiveness of controls during a predefined period.
ISAE 3402 vs ISO 27001

Implement SOC 2

What are the organizational implications of SOC 2? What are the requirements?
The SOC2 report must be prepared including the internal control framework and associated controls. Absent controls and procedures are implemented within the organization. SOC 2 reports are audited by professional independent external auditors (CPA, CA, Wirtshaftsprufer, expert comptable or RA).
SOC 2 focuses on a business’s non-financial reporting controls as they relate to Security, Availability, Processing integrity, Confidentiality, and Privacy. These principles are outlined in the Trust Services Criteria. Each of the criteria has defined requirements (Points of Focus) that must be met to implement within the organization to demonstrate adherence to the criteria.

More information?

Do you want more information on the impact and requirements of ISAE 3000? Please send information request to info@soc2.co.uk