Service Organization Controls (SOC) 2 reports are designed to provide comfort over the following principles: Security, Availability, Confidentiality, Processing Integrity, and Privacy (if applicable) of a System. A System is comprised of the Infrastructure, Software, People, Procedures, and Data used to complete the services provided. The following is a brief description of the goals to be achieved with each principle:
- Security – The system is protected against unauthorized access (both physical and logical).
- Availability –The system is available for operation and use as committed or agreed upon.
- Processing Integrity – System processing is complete, accurate, timely, and authorized.
- Confidentiality –Information designated as confidential is protected as committed or agreed upon.
- Privacy –Personal information is collected, used, retained, disclosed, and/or destroyed in accordance with established standards.
Not all principles noted above must be in place to complete the SOC 2 audit reports. Assure Professional will work with your team to determine which principles should be covered by the report. Organizations have the ability to choose which principles will be covered by the audit because not all principles are required to complete a service. We want to be your partner. For additional information please Contact Us