SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
SOC-2 (AICPA) is a report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. The audience for your organization's SOC-2 reports is a broad range of stakeholders who need detailed information and assurance about the controls your organization has deployed relevant to the security, availability, and processing integrity of its systems.
These reports ensure the implementation of the following:
SOC-2 reports highlight management’s description of a service organization’s system and the suitability of the design of controls.
For SOC-2 readiness and compliance, SPS works with key stakeholders across business and IT groups to identify and understand the full set of drivers and potential uses of the SOC-2 report. This includes a thorough review of policies, procedures, internal controls, and business processes. The location of critical customer data and supporting system functionality is also considered to create a comprehensive map of the “in-scope” IT environment. SPS provides process and policy-level design and drafting support to adopt SOC-2 requirements. Along with this, SPS provides a Vulnerability Assessment Service, Penetration Testing Service, and Security Operations Center (SOC) Services that fulfill key requirements of SOC-2.