Optiv Cybersecurity Dictionary

What is SOC 2?

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 requires the establishment of, and adherence to, policies and procedures surrounding the security, availability, processing integrity and confidentiality of customer data. More specifically, SOC 2 ensures that cybersecurity measures reflect up-to-date cloud requirements.

SOC 2 evaluates organizations on five “trust service principles”:

  1. Security – Does the system safeguard against unauthorized access?
  2. Availability – Is the system (including its products and services) accessible to users?
  3. Processing Integrity – In essence, does the system work? Does it “deliver the right content to the right person at the right time”?
  4. Confidentiality – Does the system assure data is accessible only to authorized parties?
  5. Privacy – Does the system rigorously safeguard and govern the collection, use, retention, disclosure and disposal of personally identifiable information (PII)?
