SOC COMPLIANCE

What is SOC Compliance?

SOC compliance refers to a certification given to an organization that has completed a third-party audit. The audit must show that the organization has certain controls in place to safeguard their IT systems.

Who needs SOC Compliance?

SOC compliance is designed to prove to the customers of a service provider that the company can provide the services it is contracted to provide. Customers do not have visibility into a company’s systems and IT environments. Additionally, most customers do not know how to evaluate a company’s security policies in order to determine if their data is safe with the company.

A SOC audit performed by a third-party validates that the service provider’s systems and controls meet the requirements necessary to keep a customer’s data secure.

Are there different levels of SOC compliance?

There are three levels of SOC compliance.

SOC 1: SOC 1 is focused primarily on controls that affect a customer’s financial reporting.

SOC 2: Used primarily for cloud service providers, SOC 2 focuses on controls in place for security, confidentiality, and privacy.

SOC 3: SOC 3 provides the same information as SOC 2, but summarizes the information at a higher level than SOC 2 so it is easier to understand.