SOC 2

International

Service Organization Control 2

Certification

Effective: 1. Jan. 2010

Your Compliance Status

67%
2 of 3 requirements met

Overview

SOC 2 is a compliance framework for service organizations, focusing on security, availability, processing integrity, confidentiality, and privacy of customer data.

Key Points

  1. Based on Trust Services Criteria by AICPA
  2. Type I: Point-in-time assessment of control design
  3. Type II: Assessment of control effectiveness over time (6-12 months)
  4. Security criterion is mandatory; others are optional
  5. Reports are confidential and shared under NDA
  6. Annual recertification required

Requirements Checklist

  • Security Controls (Compliant): Implement required security controls
  • Availability Controls (Partially Compliant): Ensure service availability commitments
  • Confidentiality Controls (Compliant): Protect confidential information

Penalties for Non-Compliance

Not a legal requirement; loss of certification affects customer trust

Official Resources

Related Documents

SOC 2 Type II Report 2024

4.8 MB