SOC 2 report (issued under SSAE18 (supersedes SSAE16 and SAS70).
The Service Organization Control (SOC) 2 Report will be performed in accordance with AT 101 and based upon the Trust Services Principles, with the ability to test and report on the design (Type I) and operating (Type II) effectiveness of a service organization’s controls (just like SOC 1). The SOC 2 report focuses on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system, as opposed to SOC 1 which is generally focused on the financial reporting controls.
The SOC 2 reporting is based on the COSO framework. Additional the following criteria has been established
The SOC 2 consulting engagement involves compliance to the trust principles. Controls and documentation has to be created for the Trust Principles criteria. Our approach involves