What Is SOC 2?

SOC 2 is a set of requirements defined by the American Institute of Certified Public Accountants (AICPA). The AICPA bases those requirements on its System and Organization Controls (SOC) framework. Five SOC Trust Services Criteria (TSC) form the basis of that framework — Security, Availability, Confidentiality, Processing Integrity, and Privacy.

You must be audited by an AICPA-certified SOC 2 auditor to comply with SOC 2. That person must be a CPA and meet additional AICPA training and experience requirements.

A SOC 2 audit documents the internal controls in place that manage and protect customer data, including personally identifiable information (PII). There are two types of SOC 2 audit reports. Type 1 focuses on compliance as of a specific date. Type 2 expands that focus to a specific length of time, typically but not always 12 months.

How Trustero Can Help

Trustero Compliance as a Service (CaaS) is cloud-based, easy-to-use compliance automation software. It is designed to simplify audit readiness and enable continuous compliance.

For example, the Trustero platform includes auditor-approved controls and auditor-vetted policy templates. You can use these as they are, modify them as needed, and easily add your own controls. These features can make audits faster and easier, for you and for your auditor.

In addition, the Trustero solution constantly monitors your technology infrastructure and can notify administrators when an element falls out of compliance. Trustero CaaS also integrates with leading Software as a Service (SaaS) tools and platforms. And the Trustero platform delivers comprehensive reports on your technology estate and compliance posture, regularly and on demand. These features help you achieve and sustain continuous compliance. They also ease and speed future audits and reports.
