What is SOC 2 Type 2 Compliance?

By Ashlyn Eperjesi

Sep 2, 2020

Lawyers take the Bar Exam. Certified Public Accountants take the CPA Exam. It’s a set of professional criteria that highlight a higher level of expertise and performance. The SOC 2 audit is just that for Portland Oregon IT Service Providers.

SOC2® Type 2 Compliance

SOC2® was developed by The American Institute of Certified Public Accountants (AICPA) to set a new standard for the IT industry. Few IT Service Providers have the necessary controls in place to ensure security, privacy, and availability.

There Are Two Types of SOC2® Audits:

Type 1 – assesses our system that safeguards client data in a single report.
Type 2 – actively measures how effective IT operational procedures are over a period of at least 6 months. Requires frequent checks to ensure continued compliance.

SOC2® is Important, But Not All IT Providers Have it. Why?

It’s an investment. In order to meet the strict procedural requirements, IT Service Providers & MSPs must commit time, money, and business resources. And many IT providers simply don’t want to do that.

Another reason is accountability. The SOC2® audit report highlights gaps and potential weaknesses in MSP systems, so IT providers must hold their own business standards accountable. This level of transparency provides an honest look into how much you can trust an IT Service Provider – something that has previously been hard to do.

So, Why Does This Audit Matter?

The SOC2® Type 2 audit rigorously assesses at least 3 distinct Trust Service Criteria (TSC) to make sure our client’s data is properly protected. Here’s what clients can expect:

Security – data and systems are protected against hacking, loss of confidential information, and damage to systems that could threaten the safety of our client’s data and our systems.
Privacy – personal info is securely collected, used, retained, disclosed, and disposed of.
Availability – information and systems are available and optimized to meet company goals and client needs.
Confidentiality – important data is encrypted and safeguarded to ensure accessibility to only a specified set of persons or organizations.
Processing Integrity – systems achieve their required purpose in a valid, accurate, and efficient manner

With SOC2® Type 2 audits, companies now have the opportunity to know if an IT Service Provider is trustworthy, secure, and reliable from day one. Clients and prospects need more than verbal assurances, and this audit provides exactly that. For more information on the SOC® process, check out the AICPA's resources.

Why You Can't Always Trust Cyber Risk Assessments

Let’s begin with a reality check – your company will be the target of a cyber-attack. It’s no longer a question of if, but a matter of when. Learn why you can't always trust risk assessments with Portland Oregon IT security experts, FIxed Fee IT.