User entities and organizations want reporting that provides assurance on controls over operations and compliance, rather than just on controls over financial reporting. The AICPA created a framework to enable a broader type of third party attestation reporting on controls at service organizations beyond merely financial reporting. This framework is the Service Organization Control (SOC) reporting framework. The SOC framework has 3 different reporting options: SOC1, SOC2, and SOC3.
SOC 2 reports are appropriate for engagements to report on controls at a service organization related to the Trust Service Principles, defined by the AICPA in TSP Section 100. The Trust Service Principles are:
SOC 2 engagements are performed in accordance with AT section 101, Attestation Engagements, using guidance in the AICPA Guide, Reporting on Controls at the Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy.
Unlike PCI DSS, which has very rigid requirements, SOC 2 reports are unique to each organization.
Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it's worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment. Following are ten benefits:
What Our Customers Say?
Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.