What is SOC-2?
SOC-2 is an assurance framework created by the American Institute of CPAs (AICPA) that helps organizations design, implement, and operate controls to meet security, availability, processing integrity, confidentiality, and privacy objectives.
The SOC-2 framework is based on five trust principles:
- Security: The system is protected against unauthorized access, both physical and logical.
- Availability: The system is available for operation and use as committed or agreed.
- Processing integrity: System processing is complete, accurate, timely, and authorized.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA.
SOC-2 compliance has the following aims:
- Demonstrating commitment to security and privacy
- Meeting security and compliance requirements
- Reducing risk
- Avoiding fines and penalties
- Gaining customer confidence
- Gaining partner confidence