SOC 2 (Type 2)
Developed by the American Institute of CPAs (AICPA), SOC 2 is an auditing procedure that ensures service providers securely manage data to protect the interests and privacy of both a business and its clients.
SOC 2 applies to any service provider that stores customer data in the cloud. It is quite relevant to SaaS businesses, but also to many other organizations that store their customers’ data in this way.
The five principles of SOC 2 compliance are known as the Trust Services Criteria (TSC):
Availability - Systems and information are available for use and operation.
Confidentiality - Sensitive information is protected from unauthorized access.
Privacy - Sensitive information is collected, used, and disposed of in a safe manner.
Processing integrity - Data is not changed or altered in an unauthorized manner.
Security - This is a foundational rule that requires all systems to be protected against unauthorized access and use.
The SOC 2 is a certification issued after a thorough audit by outside auditors. All SOC 2 audits are signed by licensed CPAs. To achieve SOC 2 compliance, most companies spend anywhere from six months to a year on focused preparation.
Because SOC 2’s requirements dovetail with other frameworks including HIPAA and PCI DSS, attaining certification can speed your overall compliance efforts. Furthermore, it can help prevent breaches and provide a competitive business edge.
Centraleyes delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring to meet the SOC 2 requirements. Centraleyes has mapped SOC 2 back to its control inventory, allowing data to be shared across multiple frameworks through the platform, which saves time and money and produces more accurate data. Through the Centraleyes platform, organizations can gain full visibility into their cyber risk levels and compliance.