SOC 2

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 requires organizations to establish and adhere to policies and procedures surrounding the security, availability, processing integrity and confidentiality of customer data. More specifically, SOC 2 ensures that cybersecurity measures reflect up-to-date cloud requirements.


SOC 2 evaluates organizations on five “trust service principles”:


  1. Security – Does the system safeguard against unauthorized access?
  2. Availability – Is the system (including its products and services) accessible to users?
  3. Processing Integrity – In essence, does the system work? Does it “deliver the right content to the right person at the right time”?
  4. Confidentiality – Does the system assure data is accessible only to authorized parties?
  5. Privacy – Does the system rigorously safeguard and govern the collection, use, retention, disclosure and disposal of personally identifiable information (PII)?

 
