SOC 2 Reports
SOC 2 is the gold standard to ensure you are securing your data and mitigating risk. It is the second of three System and Organization Controls defined by the American Institute of Certified Public Accounts.
This framework designs policies, practices, and internal controls based on security, privacy, availability, processing integrity, and confidentiality.
-
What is the difference between SOC 1 and SOC 2?
• SOC 1 focuses on financial controls to ensure proper handling of a client’s financial information.
• SOC 2 focuses on non-financial controls for protecting data. -
What is Type 1 vs Type 2?
We recommend starting with a Type 1 and building to a Type 2. The difference between Type 1 and Type 2 is design versus operating effectiveness.
• Type I tests design by looking at your description of controls at a particular point in time.
• Type II tests effectiveness by collecting evidence of operating controls over a 6–12-month period. -
Who needs SOC 2?
SOC 2 is usually required by large companies, financial institutions, and health care organizations to do business. Every modern company will benefit from a SOC 2 to ensure proper information security.