What does SOC2 stand for?

<span data-sheets-value="{"1":2,"2":"Soc 2, pronounced \"sock two\" and more formally known as Service Organization Control 2, reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy. "}" data-sheets-userformat="{"2":897,"3":{"1":0},"10":1,"11":4,"12":0}">Soc 2, pronounced “sock two” and more formally known as Service Organization Control 2, reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy.

What is a SOC2 report? How do I review a SOC report?

<span data-sheets-value="{"1":2,"2":"A SOC 2 audit report provides detailed information and assurance about a service organisation's security, availability, processing integrity, confidentiality and privacy controls, based on their compliance with the AICPA's (American Institute of Certified Public Accountants) TSC (Trust Services Criteria)."}" data-sheets-userformat="{"2":897,"3":{"1":0},"10":1,"11":4,"12":0}">A SOC 2 audit report provides detailed information and assurance about a service organisation’s security, availability, processing integrity, confidentiality and privacy controls, based on their compliance with the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria).

What are the differences between SOC2 and SOC1?

<span data-sheets-value="{"1":2,"2":"SOC 2 reports: The SOC 1 addresses internal control relevant to a service organization's client's financial statements. The SOC 2 report addresses a service organization's controls that are relevant to its operations and compliance, as outlined by the AICPA's Trust Services Criteria (TSC)"}" data-sheets-userformat="{"2":897,"3":{"1":0},"10":1,"11":4,"12":0}">SOC 2 reports: The SOC 1 addresses internal control relevant to a service organization’s client’s financial statements. The SOC 2 report addresses a service organization’s controls that are relevant to its operations and compliance, as outlined by the AICPA’s Trust Services Criteria (TSC)

What is User Access Review?

<span data-sheets-value="{"1":2,"2":"User access reviews (sometimes referred to as “access certification” or “access recertification”) are a periodic audit of existing access rights in your organization meant to remove unnecessary or outdated permissions, which are a risk to both cybersecurity and compliance."}" data-sheets-userformat="{"2":897,"3":{"1":0},"10":1,"11":4,"12":0}">User access reviews (sometimes referred to as “access certification” or “access recertification”) are a periodic audit of existing access rights in your organization meant to remove unnecessary or outdated permissions, which are a risk to both cybersecurity and compliance.

How do I do a SOC2 access review?

<span data-sheets-value="{"1":2,"2":"Best Practices for Reviewing User Access\nCreate and keep an access management policy up to date. ...\nEstablish a formal access review procedure. ...\nImplement role-based access control (RBAC) ...\nImplement the principle of least privilege. ...\nProvide temporary access instead of permanent access. ...\nInvolve employees and management."}" data-sheets-userformat="{"2":897,"3":{"1":0},"10":1,"11":4,"12":0}"> Best Practices for Reviewing User Access: <span data-sheets-value="{"1":2,"2":"Best Practices for Reviewing User Access\nCreate and keep an access management policy up to date. ...\nEstablish a formal access review procedure. ...\nImplement role-based access control (RBAC) ...\nImplement the principle of least privilege. ...\nProvide temporary access instead of permanent access. ...\nInvolve employees and management."}" data-sheets-userformat="{"2":897,"3":{"1":0},"10":1,"11":4,"12":0}">Create and keep an access management policy up to date. <span data-sheets-value="{"1":2,"2":"Best Practices for Reviewing User Access\nCreate and keep an access management policy up to date. ...\nEstablish a formal access review procedure. ...\nImplement role-based access control (RBAC) ...\nImplement the principle of least privilege. ...\nProvide temporary access instead of permanent access. ...\nInvolve employees and management."}" data-sheets-userformat="{"2":897,"3":{"1":0},"10":1,"11":4,"12":0}">Establish a formal access review procedure. <span data-sheets-value="{"1":2,"2":"Best Practices for Reviewing User Access\nCreate and keep an access management policy up to date. ...\nEstablish a formal access review procedure. ...\nImplement role-based access control (RBAC) ...\nImplement the principle of least privilege. ...\nProvide temporary access instead of permanent access. ...\nInvolve employees and management."}" data-sheets-userformat="{"2":897,"3":{"1":0},"10":1,"11":4,"12":0}">Implement role-based access control (RBAC) . <span data-sheets-value="{"1":2,"2":"Best Practices for Reviewing User Access\nCreate and keep an access management policy up to date. ...\nEstablish a formal access review procedure. ...\nImplement role-based access control (RBAC) ...\nImplement the principle of least privilege. ...\nProvide temporary access instead of permanent access. ...\nInvolve employees and management."}" data-sheets-userformat="{"2":897,"3":{"1":0},"10":1,"11":4,"12":0}">Implement the principle of least privilege. <span data-sheets-value="{"1":2,"2":"Best Practices for Reviewing User Access\nCreate and keep an access management policy up to date. ...\nEstablish a formal access review procedure. ...\nImplement role-based access control (RBAC) ...\nImplement the principle of least privilege. ...\nProvide temporary access instead of permanent access. ...\nInvolve employees and management."}" data-sheets-userformat="{"2":897,"3":{"1":0},"10":1,"11":4,"12":0}">Provide temporary access instead of permanent access. <span data-sheets-value="{"1":2,"2":"Best Practices for Reviewing User Access\nCreate and keep an access management policy up to date. ...\nEstablish a formal access review procedure. ...\nImplement role-based access control (RBAC) ...\nImplement the principle of least privilege. ...\nProvide temporary access instead of permanent access. ...\nInvolve employees and management."}" data-sheets-userformat="{"2":897,"3":{"1":0},"10":1,"11":4,"12":0}">Involve employees and management.

What is SOC2 Compliance?

SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, privacy.

FAQs

What does SOC2 stand for?

Soc 2, pronounced “sock two” and more formally known as Service Organization Control 2, reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy.
What is a SOC2 report? How do I review a SOC report?

A SOC 2 audit report provides detailed information and assurance about a service organisation’s security, availability, processing integrity, confidentiality and privacy controls, based on their compliance with the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria).
What are the differences between SOC2 and SOC1?

SOC 2 reports: The SOC 1 addresses internal control relevant to a service organization’s client’s financial statements. The SOC 2 report addresses a service organization’s controls that are relevant to its operations and compliance, as outlined by the AICPA’s Trust Services Criteria (TSC)
What is User Access Review?

User access reviews (sometimes referred to as “access certification” or “access recertification”) are a periodic audit of existing access rights in your organization meant to remove unnecessary or outdated permissions, which are a risk to both cybersecurity and compliance.
How do I do a SOC2 access review?
Best Practices for Reviewing User Access:
- Create and keep an access management policy up to date.
- Establish a formal access review procedure.
- Implement role-based access control (RBAC) .
- Implement the principle of least privilege.
- Provide temporary access instead of permanent access.
- Involve employees and management.