Frequently Asked Questions

SOC 2 (Service Organization Control 2) is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) for evaluating a service organization’s data security and privacy practices. The AICPA has established five trust principles that serve as the basis for SOC 2 compliance: security, availability, processing integrity, confidentiality, and privacy. SOC 2 compliance helps organizations demonstrate their commitment to protecting customer information, providing assurance to their customers and business partners. In order to demonstrate SOC 2 compliance, organizations are evaluated for the effectiveness of their controls related to the security, availability, processing integrity, confidentiality, and privacy of customer data. SOC 2 compliance is not a one-time event. Organizations must undergo regular audits to maintain their SOC 2 compliance status.

SOC 2 compliance is important because it helps organizations enhance data security and privacy, build trust with their customers, and comply with regulatory requirements. SOC 2 compliance also assures customers and business partners that an organization has effective controls in place to protect their sensitive content.

To become SOC 2 compliant, an organization must undergo an audit conducted by an independent auditor. The audit evaluates the effectiveness of the organization’s controls relatedto the five trust principles established by the AICPA: security, availability, processing integrity, confidentiality, and privacy. The audit process typically involves a risk assessment to identify potential security risks and implement controls to mitigate those risks. The audit process also includes a review of the organization’s policies, procedures, and systems, as well as interviews with employees and a site visit. Organizations must undergo regular audits to maintain their SOC 2 compliance status.

SOC 2 compliance offers several benefits to organizations, including: improved data security andprivacy practices by having identified areas for improvement and implementing effective controls; stronger trust with customers and business partners by demonstrating a commitment to data security and privacy; and additional business opportunities by having satisfied customer and partner requirements for data security and privacy.

The five trust principles established by the AICPA for SOC 2 compliance are:

  • Security: The system is protected against unauthorized access, both physical and logical.
  • Availability: The system is available for operation and use as committed or agreed upon.
  • Processing integrity: System processing is complete, accurate, timely, and authorized.
  • Confidentiality: Information designated as confidential is protected as committed or agreed upon.
  • Privacy: Personal information is collected, used, retained, disclosed, and destroyed in accordance with the organization’s privacy notice and with the criteria set forth in the AICPA’s privacy principles.

 

Take control of your sensitive information