Importance of obtaining a SOC 2 for your customers

Amid the always evolving landscape of cybersecurity risks and technological threats, organizations are constantly faced with various pressing concerns. Is our clients’ data secure? Is the data maintaining its integrity throughout the transactional process? Will the data be readily available in situations of potential downtime? These questions, amongst many others, can be addressed by undergoing a System and Organizational Controls (SOC) 2® examination.

What is a SOC 2 report?

A SOC 2 report evaluates the design and operating effectiveness of internal controls of a service organization and is focused on the systems that capture, store, transmit or process customer data. The primary focus of the SOC 2 relates to data security, which is one of five trust services categories established by the American Institute of Certified Public Accountants (AICPA). Additional categories can be included within the SOC 2 report. These additional categories include availability, processing integrity, confidentiality and privacy.

AICPA trust services categories

Security – information and systems are protected against unauthorized access 
Availability – information and systems are available for operations to meet the service organization’s objectives 
Processing Integrity – system processing is complete, valid, accurate, timely and authorized to meet the service organization’s objectives
Confidentiality – information designated as confidential is protected to meet the service organization’s objectives 
Privacy – personal information is collected, used, retained, disclosed and disposed of to meet the service organization’s objectives 

The security, availability, and processing integrity categories are related to the system, and the confidentiality and privacy categories are related to the information processed by the system.

SOC 2 report value

The SOC 2 report is utilized to inform external stakeholders, which often includes compliance officers, CIOs/CISOs, vendor risk management professionals, potential business partners, and other executives who oversee governance functions. Information that can be obtained via the SOC 2 report includes the systems, processes and internal controls at a service organization that are critical to meeting the organization’s service commitments and system requirements.