What is SOC 2 Compliance?
Our penetration testing services are designed to facilitate compliance with the PCI-SOC 2 security testing requirements.
Reasons to Become SOC 2 Compliant
Secure business partnerships
Improve your security measures
Prevent incidents & financial losses
Protect your brand image
Appeal to investors and buyers
Comply with 3rd-party requirements
Types of SOC 2 reports
There are two ways to approach SOC 2 compliance:
- Type I – describes a vendor’s systems and whether their design is suitable to meet relevant trust principles.
- Type II – details the operational effectiveness of those systems.
Type 1 reports can be compared to a simple “note to reader” financial statement. Type 2 reports, on the other hand, can be compared to an audited financial statement. Therefore, the most involved, detailed, and valuable certification that evaluates your operations is a Type 2 report.
The Trust Service Principles of SOC Compliance
Personal information is collected, used, retained, disclosed and disposed [of] to meet the entity’s objectives.
Information designated as confidential is protected to meet the entity’s objectives.
Information and systems are available for operation and use to meet the entity’s objectives.
System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.