SOC 1 and SOC 2 reports offer assurance regarding your service organization’s internal controls and data security. They also help you establish and maintain credibility with your clients, investors and regulators. While these reports offer significant benefits, they can also be complex, so being prepared is key.
 
There are five Trust Services Principles (or criteria) that comprise a SOC 2 report: security, availability, processing integrity, confidentiality and privacy. SOC 2 reports are unique to each company due to the flexibility within the criteria. Whether you are in the process of preparing for a SOC examination for your service organization or are simply considering one, the resources below will help you better understand these reports — and your responsibilities when involved in one. Reach out directly to our SOC leaders with any questions or visit our SOC Readiness & Compliance page for more information.

Resources for SOC 2 Compliance

• SOC 2 Guide: Understanding the Key Components of Your System Description for Your SOC 2 Report (PDF)
• SOC Readiness Checklist (Excel)
• Information Security Policies Checklist (Excel)