SOC

A suite of audit reports developed by the American Institute of Certified Public Accountants (AICPA) that assess how service organizations handle data security, privacy, and internal controls. SOC reports help build trust with clients and partners.

A type of SOC report focused on the effectiveness of internal controls relevant to financial reporting. It’s often required by organizations that outsource financial processing services and is used by clients’ auditors during their financial audits. There are two types of SOC 1 reports:

• Type I: Offers your auditor’s opinion that your system is sufficiently designed to achieve the related objectives on a specified date.
• Type II: Includes the same information as a SOC 1 Type I report but focuses on testing control effectiveness over a period of time.

A type of SOC report focused on evaluating a service organization’s controls related to the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. SOC 2 is highly relevant across a wide variety of industries and roles, and it is especially applicable for companies that store, process, or transmit customer data.

• SOC 2 Type I: Examines the design of controls at a specific point in time.
• SOC 2 Type II: Assesses the operational effectiveness of those controls over a defined period (typically 6-12 months).

A licensed CPA firm or professional authorized to conduct SOC 2 examinations based on the AICPA’s Trust Services Criteria.

A simplified, publicly shareable version of a SOC 2 report. It provides a high-level overview of compliance without disclosing sensitive control details.

Independent third-party audit reports that assess an organization’s internal controls. Includes SOC 1, SOC 2, and SOC 3, each serving different compliance and trust-building purposes.

The five core principles used to evaluate SOC 2 and SOC 3 reports. These include security, availability, processing integrity, confidentiality, and privacy.