What are SOC requirements?

Service Organization Control (SOC) 2 is a set of compliance requirements and auditing processes targeted for third-party service providers. It was developed to help companies determine whether their business partners and vendors can securely manage data and protect the interests and privacy of their clients.

What are the 5 SOC 2 Trust Principles?

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

What are the five trust criteria?

Trust Services and Information Integrity

  • Security.
  • Availability.
  • Processing integrity.
  • Confidentiality.
  • Privacy.

What are the SOC 2 requirements?

SOC 2 Type II Compliance

  • Security. The organization’s system must have controls in place to safeguard against unauthorized physical and logical access.
  • Availability. The system must be available for operation and must be used as agreed.
  • Processing Integrity.
  • Confidentiality.
  • Privacy.

What is a SOC 2 Type 1?

SOC 2 Type 1 Definition: SOC 2 Type 1 is a report on a service organization’s system and the suitability of the design of controls. The report describes the current systems and controls in place and review documents around these controls.

What is TSP SOC?

SOC Reports. Wednesday, 12 September 2018. The AICPA Trust Services Principles and Criteria (TSP) are essentially control criteria established by the Assurance Services Executive Committee (ASEC), and consist of Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Does SOC 2 include SOC 1?

A SOC 1 report is designed to address internal controls over financial reporting while a SOC 2 report addresses a service organization’s controls that are relevant to their operations and compliance. One or both could be right for your organization.