What does SOC 2 report and why is it so important?
SOC stands for “System and Organization Controls”. A SOC 2 report is designed to provide assurances about the effectiveness of controls in place at a service organization that are relevant to the security, availability, or processing integrity of the system used to process clients’ information, or the confidentiality or privacy of that information.
Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services. These reports are issued by independent third-party auditors.
What does SOC 2 Mean for SecureDock?
SOC 2 reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. The SOC 2 report provides an independent assessment of SecureDock’s security and privacy control environment. The assessment includes a description of the controls, the tests performed to evaluate them, the results of these tests, and an overall judgement of the design and operational effectiveness
What`s the scope?
SecureDock`s SOC 2 Report covers the AICPA’s the Trust Services Principles and Criteria for secure data processing and storage. Demonstrating proficiency across these criteria is an attestation to the following security principles:
- Security: the system is protected against unauthorized access, both physical and logical
- Availability: the system is available for operation and use as committed or agreed
- Confidentiality: information designated as confidential is protected as committed or agreed
Type 2 – Report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
For more information, please visit: https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/serviceorganization-smanagement.html
Who gets access to the report?
Due to the nature of the report and detailed information of security controls, access to the report is only possible for existing customers or prospects and require a signed Non-Disclosure Agreement (NDA) prior to granting access.
If you require access, contact your SecureDock account manager or support representative.