SOC 2 Audit Reports

Service Organization Controls (SOC) 2 reports are designed to provide comfort over the following principles: Security, Availability, Confidentiality, Processing Integrity, and Privacy (if applicable) of a System. A System is comprised of the Infrastructure, Software, People, Procedures, and Data used to complete the services provided.

The following is a brief description of the goals to be achieved with each principle:

  • Security – The system is protected against unauthorized access (both physical and logical).
  • Availability –The system is available for operation and use as committed or agreed upon.
  • Processing Integrity – System processing is complete, accurate, timely, and authorized.
  • Confidentiality –Information designated as confidential is protected as committed or agreed upon.
  • Privacy –Personal information is collected, used, retained, disclosed, and/or destroyed in accordance with established standards.

Not all principles noted above must be in place to complete the SOC 2 audit reports. Assure Professional will work with your team to determine which principles should be covered by the report. Organizations have the ability to choose which principles will be covered by the audit because not all principles are required to complete a service. We want to be your partner. For additional information please Contact Us

SOC 2® – SOC for Service Organizations: Trust Services Criteria

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Similar to a SOC 1 report, there are two types of reports: A type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports are restricted.