SOC 2
SOC 2 Reports: Developed by the AICPA, SOC 2 reports validate security controls in place at service companies, including software companies, and are issued by registered CPA firms.
Report Sections: SOC 2 reports consist of four sections: the independent service auditor's report, management's assertion, system description, and trust service criteria and related control activities.
Trust Service Categories (TSCs): The five TSCs are security, availability, confidentiality, processing integrity, and privacy. Security is mandatory, while the others are optional.
Types of Reports: There are two types of SOC 2 reports: Type 1 (point-in-time) and Type 2 (over a period, typically 12 months).
Understanding SOC 2 is crucial for GRC professionals working with companies in the US.