Welcome to ITS! Learn more about our strategic partnership with Digital Seattle!

Karen Ting

By: Karen Ting on December 16th, 2022

Print/Save as PDF

What is SOC 2 Compliance? [Video]

Cybersecurity | Cloud

Compliance is critical for many reasons beyond security; it can affect your business reputation, integrity, and client trust. That’s why it is important to know and adhere to regulatory standards like SOC 2 Compliance which we’ll break down in today’s video. 

What is SOC 2

0:54 What is SOC 2?   

Service Organization Control compliance or SOC is an auditing procedure developed by the American Institute of CPAs or AICPA for service organizations. It protects organizations’ interests and clients' privacy.    

There are two types of SOC reports: 

  1. Type I describes a vendor’s systems and whether their design is suitable to meet relevant trust principles 
  2. Type II details the operational effectiveness of those systems over the audit period.   

1:54 Who needs to be SOC 2 compliant?  

SOC 2 compliance is most relevant to businesses in the financial services industry, but its role encompasses all service organizations. If you are a technology-based service organization that stores customer data in the cloud, you will need to consider getting a SOC 2 audit.   

2:37 What are the five trust principles of SOC 2?   

The SOC 2 compliance standard is based on five Trust Services Criteria, which are:  

  1. Security – Established by restricting access to information through user authorization.  
  2. Availability – Established by ensuring parties who own information have access to it.  
  3. Processing integrity – Established by minimizing flaws in all cybersecurity architecture.  
  4. Confidentiality – Established by taking extra measures to protect unique kinds of data.  
  5. Privacy – Established by paying particular attention to personally identifiable information or PII. 

3:40 What is the SOC 2 audit process?  

  1. Choose your report type. 
  2. Define the scope. 
  3. Conduct a gap analysis. 
  4. Complete a readiness assessment. 
  5. Select an auditor. 
  6. Begin the formal audit process. 

Now that you have a better understanding of SOC2 compliance and how critical it is for your business, you can schedule a meeting with one of our experts. They can help you stay on top of the latest cybersecurity and compliance standards and provide a road map on getting compliant. 

Top 15 Cybersecurity Best Practices