What is a SOC 2?
Organisations providing these services need to demonstrate their principal service commitments and system requirements based on the trust services category of security and, if needed, availability, confidentiality, integrity, and/or privacy trust services categories.
They often do this by issuing a SOC 2 report. A SOC 2 report provides users with a description of the system, including the type of services provided, the entity’s principal service commitments and system requirements, and components of the system, such as infrastructure, procedures, and data used in providing the services.
The report also provides assurances as to whether the controls have been designed and operate effectively to achieve the entity’s service commitments and system requirements based on the applicable trust service criteria.