SOC 2 - System and Organization Controls for Service Providers


The SOC 2 report is based on upon the Trust Services Criteria (TSC). with the ability to test and report on the design (type I) and the operating (type II) of the effectiveness of a services organization's controls. The Trust Service Criteria (which SOC 2 is based upon) has the following criteria:

1. Security - Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity's ability to meet its objectives.
2. Availability - Information and systems are available for operation and use to meet the entity's objectives.
3. Processing integrity - Systems processing is complete, valid, accurate, timely, and authorized to meet the entity's objectives.
4. Confidentiality - Information designated as confidential is protected to meet the entity's objectives.
5. Privacy - Personal information is collected, used, retained, disclosed, and disposed of to meet the entity's objectives.