The SOC 2 report must be prepared including the internal control framework and associated controls. Absent controls and procedures are implemented within the organization. SOC 2 reports are audited by professional independent external auditors (CPA, CA, Wirtshaftsprufer, expert comptable or RA).
SOC 2 focuses on a business’s non-financial reporting controls as they relate to Security, Availability, Processing integrity, Confidentiality, and Privacy. These principles are outlined in the Trust Services Criteria. Each of the criteria has defined requirements (Points of Focus) that must be met to implement within the organization to demonstrate adherence to the criteria.