Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 requires organizations to establish and adhere to policies and procedures surrounding the security, availability, processing integrity and confidentiality of customer data. More specifically, SOC 2 ensures that cybersecurity measures reflect up-to-date cloud requirements.
SOC 2 evaluates organizations on five “trust service principles”:
- Security – Does the system safeguard against unauthorized access?
- Availability – Is the system (including its products and services) accessible to users?
- Processing Integrity – In essence, does the system work? Does it “deliver the right content to the right person at the right time”?
- Confidentiality – Does the system assure data is accessible only to authorized parties?
- Privacy – Does the system rigorously safeguard and govern the collection, use, retention, disclosure and disposal of personally identifiable information (PII)?