Home | SOC2

Trust Service Criteria

The Trust Service Criteria for Security, Availability, Processing integrity, Confidentiality, and Privacy are international recognized, because it represents an in-depth audit of a service organization’s control objectives and control activities, which include controls over internal control, security and related processes.

Attestation Services

SOC 2 | ISAE 3000 and SOC 1 | ISAE 3402 are the most common Service Organization Control reports. There are two types of reports, a Type I report and a Type II report. A Type I report is a report on design and existence of controls. A Type II also focuses on the operating effectiveness of controls during a predefined period.

What is the impact on my organization?

The SOC 2 report must be prepared including the internal control framework and associated controls. Absent controls and procedures are implemented within the organization. SOC 2 reports are audited by professional independent external auditors (CPA, CA, Wirtshaftsprufer, expert comptable or RA).

What is the scope of a SOC 2 report?

SOC 2 focuses on a business’s non-financial reporting controls as they relate to Security, Availability, Processing integrity, Confidentiality, and Privacy. These principles are outlined in the Trust Services Criteria. Each of the criteria has defined requirements (Points of Focus) that must be met to implement within the organization to demonstrate adherence to the criteria.

Business hour

SOC 2

Outsourcing

Trust Service Criteria

General IT Controls

Attestation Services

Implement SOC 2

What is the impact on my organization?

What is the scope of a SOC 2 report?

More information?

Contact info

Link Footer