What is SOC2 and do we need it?

SOC 2 Trust Categories

  • Security
  • Confidentiality
  • Processing Integrity
  • Availability
  • Privacy
  • Security: Control Environment (CC1.x), Communication and Information (CC2.x), Risk Assessment (CC3.x), Monitoring Activities (CC4.x), Control Activities (CC5.x), Logical and Physical Access Controls (CC6.x), System Operations (CC7.x), Change Management (CC8.x), Risk Mitigation (CC9.x)
  • Additional criteria for Availability (A1.x)
  • Additional criteria for Confidentiality (C1.x)
  • Additional criteria for Processing Integrity (PI1.x)
  • Additional criteria for Privacy (P1.x)

Difference between SOC 1 and SOC 2

  • Per aicpa.org, SOC 2 reports “are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy,” while SOC 1 reports cover only financial controls, i.e. the controls over the financial transactions a company makes.
  • A SOC 1 report is generated by auditors for other auditors, whereas a SOC 2 report usually contains more confidential internal information that is not supposed to be shared with anyone outside the company. (In practice this is not always true: customers often ask for the report, and if you do not share it they may consider another provider.)

Who needs a SOC 2 report?

Type 1 or Type 2?!

Why not SOC 3?


Information Security Expert, Cyber Security Engineer, Blogger, Mentor, PCI SME, CISM, CISA, CRISC, RHCSA, MCSE, CCNA, MBA, PMP, CLSSGB

Ben Pournader